CN117749741A - Network data forwarding method, device, equipment and storage medium - Google Patents


Publication number
CN117749741A
Authority
CN
China
Prior art keywords
wan
network data
destination
interface
mpls
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311764508.4A
Other languages
Chinese (zh)
Inventor
邓韶文
王怀军
常晓波
黄勇
黎子仟
周茂源
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd
Priority to CN202311764508.4A
Publication of CN117749741A


Abstract

The application provides a network data forwarding method, apparatus, device and storage medium. The method comprises: receiving network data sent by each SD-WAN client terminal device through a corresponding SD-WAN tunnel, wherein each network data contains a destination Internet Protocol (IP) address of the corresponding SD-WAN client terminal device; for network data sent by any SD-WAN client terminal device, querying a virtual routing and forwarding (VRF) instance library according to the SD-WAN tunnel to obtain the corresponding VRF instance; obtaining the corresponding virtual local area network (VLAN) interface according to the VRF instance, wherein each VRF instance corresponds to one VLAN interface; and sending the network data to a multiprotocol label switching (MPLS) operator edge device through the VLAN interface. A dedicated logical network slice is thereby isolated for each tenant on the SD-WAN gateway device, realizing the multi-tenant bearing function.

Description

Network data forwarding method, device, equipment and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, and a storage medium for forwarding network data.
Background
Under the current network environment, cross-border networking collaboration between international operators presents a significant challenge. On the one hand, there are differences in network architecture and technical standards between different operators, and how to implement cross-network and cross-border hybrid networking is a complex problem.
In the prior art, cross-network and cross-border hybrid networking is often implemented by using an SD-WAN (software-defined wide area network) as a backup network for an MPLS (Multiprotocol Label Switching) VPN (virtual private network).
However, in the prior art the hybrid networking is built from independent planes, each based on a single technology, so the problem of multi-tenant bearing cannot be solved.
Disclosure of Invention
The application provides a network data forwarding method, device, equipment and storage medium, which are used for solving the technical problem that the prior art performs hybrid networking based on independent planes of a single technology and cannot solve the problem of multi-tenant bearing.
In a first aspect, the present application provides a network data forwarding method applied to a software defined wide area network SD-WAN gateway device, including:
receiving network data sent by each SD-WAN client terminal device through a corresponding SD-WAN tunnel, wherein each SD-WAN client terminal device corresponds to one SD-WAN tunnel, and each network data contains a destination Internet Protocol (IP) address of the corresponding SD-WAN client terminal device;
for network data sent by any SD-WAN client terminal device, querying a virtual routing and forwarding (VRF) instance library according to the SD-WAN tunnel to obtain the corresponding VRF instance;
obtaining the corresponding virtual local area network (VLAN) interface according to the VRF instance, wherein each VRF instance corresponds to one VLAN interface;
and sending the network data to a multiprotocol label switching (MPLS) operator edge device through the VLAN interface, so that the MPLS operator edge device queries a virtual private network (VPN) routing table for the VPN interface corresponding to the destination IP address and sends the network data to the corresponding MPLS user edge device through the VPN interface.
Optionally, the method as described above further comprises: receiving network data sent by the MPLS operator edge device through a corresponding VLAN interface, wherein the network data is sent to the MPLS operator edge device by any MPLS user edge device through a corresponding VPN interface, the network data contains a destination IP address of that MPLS user edge device, the corresponding VLAN interface is obtained by the MPLS operator edge device by querying a VLAN routing table according to the destination IP address, and the VPN interface is obtained by the MPLS user edge device by querying the VPN routing table according to the destination IP address; querying the VRF instance library according to the corresponding VLAN interface to obtain the corresponding VRF instance; querying the routing table of the VRF instance for the destination SD-WAN tunnel corresponding to the destination IP address; and sending the network data to the destination SD-WAN client terminal device through the destination SD-WAN tunnel.
Optionally, the method as described above further comprises: receiving an exchange routing table sent by a management end, wherein the exchange routing table is generated by an operator of the management end using the Border Gateway Protocol (BGP) to exchange the routing information of the SD-WAN gateway device and the MPLS operator edge device; and updating the routing tables of all VRF instances in the VRF instance library according to the exchange routing table.
In a second aspect, the present application provides a network data forwarding method, applied to MPLS operator edge devices, including:
receiving network data sent by an SD-WAN gateway device through a VLAN interface, wherein the network data is sent by any SD-WAN client terminal device to the SD-WAN gateway device through a corresponding SD-WAN tunnel, the network data contains a destination IP address of that SD-WAN client terminal device, each SD-WAN client terminal device corresponds to one SD-WAN tunnel, the VLAN interface is obtained by the SD-WAN gateway device from a VRF instance, each VRF instance corresponds to one VLAN interface, and the VRF instance is obtained by the SD-WAN gateway device by querying a VRF instance library according to the SD-WAN tunnel; querying a VPN routing table for the VPN interface corresponding to the destination IP address; and sending the network data to the corresponding MPLS user edge device through the VPN interface.
Optionally, the method as described above further comprises: receiving network data sent by any MPLS user edge device through a corresponding VPN interface, wherein the network data contains a destination IP address of that MPLS user edge device, and the VPN interface is obtained by the MPLS user edge device by querying the VPN routing table according to the destination IP address; querying a VLAN routing table according to the destination IP address to obtain a VLAN interface; and sending the network data to the SD-WAN gateway device through the VLAN interface, so that the SD-WAN gateway device queries the VRF instance library according to the VLAN interface to obtain the corresponding VRF instance, queries the routing table of the VRF instance for the destination SD-WAN tunnel corresponding to the destination IP address, and sends the network data to the destination SD-WAN user terminal through the destination SD-WAN tunnel.
Optionally, the method as described above further comprises: receiving an exchange routing table sent by a management end, wherein the exchange routing table is generated by an operator of the management end using the Border Gateway Protocol (BGP) to exchange the routing information of the SD-WAN gateway device and the MPLS operator edge device; and updating the VLAN routing table according to the exchange routing table.
In a third aspect, the present application provides a network data forwarding apparatus applied to a software defined wide area network SD-WAN gateway device, including:
a receiving module, configured to receive network data sent by each SD-WAN client terminal device through a corresponding SD-WAN tunnel, wherein each SD-WAN client terminal device corresponds to one SD-WAN tunnel, and each network data contains a destination Internet Protocol (IP) address of the corresponding SD-WAN client terminal device;
a query module, configured to query, for network data sent by any SD-WAN client terminal device, a virtual routing and forwarding (VRF) instance library according to the SD-WAN tunnel to obtain the corresponding VRF instance;
an acquisition module, configured to obtain the corresponding virtual local area network (VLAN) interface according to the VRF instance, wherein each VRF instance corresponds to one VLAN interface;
and a sending module, configured to send the network data to a multiprotocol label switching (MPLS) operator edge device through the VLAN interface, so that the MPLS operator edge device queries a virtual private network (VPN) routing table for the VPN interface corresponding to the destination IP address and sends the network data to the corresponding MPLS user edge device through the VPN interface.
In a fourth aspect, the present application provides a network data forwarding apparatus, applied to an MPLS operator edge device, including:
a receiving module, configured to receive network data sent by an SD-WAN gateway device through a VLAN interface, wherein the network data is sent by any SD-WAN client device to the SD-WAN gateway device through a corresponding SD-WAN tunnel, the network data contains a destination IP address of that SD-WAN client device, each SD-WAN client device corresponds to one SD-WAN tunnel, the VLAN interface is obtained by the SD-WAN gateway device from a VRF instance, each VRF instance corresponds to one VLAN interface, and the VRF instance is obtained by the SD-WAN gateway device by querying a VRF instance library according to the SD-WAN tunnel;
a query module, configured to query the VPN routing table for the VPN interface corresponding to the destination IP address;
and a sending module, configured to send the network data to the corresponding MPLS user edge device through the VPN interface.
In a fifth aspect, the present application provides a network device, comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored by the memory such that the at least one processor performs the network data forwarding method as described in the first aspect and the various possible designs of the first aspect, or the network data forwarding method as described in the second aspect and the various possible designs of the second aspect.
In a sixth aspect, embodiments of the present application provide a computer-readable storage medium having stored therein computer-executable instructions for implementing the method as described above for the first aspect and the various possible designs of the first aspect, or the method as described above for the second aspect and the various possible designs of the second aspect, when executed by a processor.
According to the network data forwarding method, device, equipment and storage medium, the corresponding VRF instance is obtained according to the SD-WAN tunnel, the corresponding VLAN interface is obtained according to the VRF instance, then the network data is sent to the MPLS operator edge equipment through the VLAN interface, and an exclusive logic network slice is isolated for each tenant on the SD-WAN gateway equipment by utilizing the association relationship among the SD-WAN tunnel, the VRF instance and the VLAN interface, so that the multi-tenant bearing function is realized.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic view of a scenario of a network data forwarding method provided in an embodiment of the present application;
Fig. 2 is a flow chart of a network data forwarding method according to an embodiment of the present application;
Fig. 3 is a flow chart of a network data forwarding method according to another embodiment of the present application;
Fig. 4 is an interactive flow diagram of a network data forwarding method according to an embodiment of the present application;
Fig. 5 is an interactive flow diagram of a network data forwarding method according to another embodiment of the present application;
Fig. 6 is a schematic structural diagram of a network data forwarding device according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of another network data forwarding device according to an embodiment of the present application;
Fig. 8 is a schematic hardware structure of a network device according to an embodiment of the present application.
Specific embodiments thereof have been shown by way of example in the drawings and will herein be described in more detail. These drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but to illustrate the concepts of the present application to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or fully authorized by each party, and the collection, use and processing of the related data need to comply with the related laws and regulations and standards, and provide corresponding operation entries for the user to select authorization or rejection.
The following describes the technical solutions of the present application and how the technical solutions of the present application solve the above technical problems in detail with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 1 is a schematic view of a scenario of a network data forwarding method according to an embodiment of the present application. As shown in fig. 1, the system provided in this embodiment includes a software defined wide area network client terminal device 101, a software defined wide area network gateway device 102, a multi-protocol label switching operator edge device 103, and a multi-protocol label switching user edge device 104.
The software defined wide area network client terminal device 101 may be a mobile phone or a computer.
The multi-protocol label switching user edge device 104 may be a cell phone or a computer.
Wherein the software defined wide area network client terminal device 101, the software defined wide area network gateway device 102, the multi-protocol label switching operator edge device 103 and the multi-protocol label switching user edge device 104 can communicate with each other.
Fig. 2 is a flow chart of a network data forwarding method according to an embodiment of the present application. The execution body of the embodiment may be the software defined wan gateway device 102 shown in fig. 1, or may be another computer device, which is not particularly limited herein. As shown in fig. 2, the method includes:
S201: Receiving network data sent by each SD-WAN client terminal device through a corresponding SD-WAN tunnel, wherein each SD-WAN client terminal device corresponds to one SD-WAN tunnel, and each network data contains a destination IP (Internet Protocol) address of the corresponding SD-WAN client terminal device.
The network data includes a source IP address, a destination IP address, protocol fields, and so on.
S202: For network data sent by any SD-WAN client terminal device, querying a VRF (Virtual Routing and Forwarding) instance library according to the SD-WAN tunnel to obtain the corresponding VRF instance.
A VRF instance includes a routing table, a forwarding table, interfaces, policies and filtering rules.
S203: Obtaining the corresponding VLAN (Virtual Local Area Network) interface according to the VRF instance, wherein each VRF instance corresponds to one VLAN interface.
Specifically, the association configuration of the VRF instance is queried to obtain the corresponding VLAN interface.
S204: Sending the network data to the multiprotocol label switching (MPLS) operator edge device through the VLAN interface, so that the MPLS operator edge device queries the VPN routing table for the VPN interface corresponding to the destination IP address and sends the network data to the corresponding MPLS user edge device through the VPN interface.
From the above description, the present application obtains the corresponding VRF instance according to the SD-WAN tunnel, obtains the corresponding VLAN interface according to the VRF instance, and then sends network data to the MPLS operator edge device through the VLAN interface, and isolates an exclusive logical network slice for each tenant on the SD-WAN gateway device by using the association relationship among the SD-WAN tunnel, the VRF instance and the VLAN interface, thereby implementing the multi-tenant bearer function.
In one embodiment of the present application, the foregoing embodiment further includes a process of sending network data from the MPLS user edge device to the SD-WAN client terminal device, which is described in detail below:
S205: Receiving network data sent by the MPLS operator edge device through a corresponding VLAN interface, wherein the network data is sent to the MPLS operator edge device by any MPLS user edge device through a corresponding VPN interface, the network data contains a destination IP address of that MPLS user edge device, the corresponding VLAN interface is obtained by the MPLS operator edge device by querying the VLAN routing table according to the destination IP address, and the VPN interface is obtained by the MPLS user edge device by querying the VPN routing table according to the destination IP address.
The network data includes a source IP address, a destination IP address, protocol fields, and so on.
S206: Querying the VRF instance library according to the corresponding VLAN interface to obtain the corresponding VRF instance.
One VLAN interface corresponds to one VRF instance.
S207: Querying the routing table of the VRF instance for the destination SD-WAN tunnel corresponding to the destination IP address.
Specifically, a lookup command is generated according to the destination IP address, and the lookup command is executed to query the routing table of the VRF instance and obtain the corresponding destination SD-WAN tunnel.
S208: Sending the network data to the destination SD-WAN client terminal device through the destination SD-WAN tunnel.
From the above description, the present application obtains the corresponding VRF instance according to the SD-WAN tunnel, obtains the corresponding VLAN interface according to the VRF instance, and then sends network data to the MPLS operator edge device through the VLAN interface, and isolates an exclusive logical network slice for each tenant on the SD-WAN gateway device by using the association relationship among the SD-WAN tunnel, the VRF instance and the VLAN interface, thereby implementing the multi-tenant bearer function.
In one embodiment of the present application, based on the above embodiment, a process of exchanging routing information is further included, which is described in detail below:
S209: Receiving an exchange routing table sent by the management end, wherein the exchange routing table is generated by the operations and maintenance personnel of the management end using BGP (Border Gateway Protocol) to exchange the routing information of the SD-WAN gateway device and the MPLS operator edge device.
It should be noted that the operator at the management end uses a layer-2 network to connect the SD-WAN gateway device with the MPLS operator edge device.
It should be noted that multiple VLANs are divided on the network interface interconnecting the SD-WAN gateway device and the MPLS operator edge device, and different VLAN IDs (identifiers) correspond to different tenants.
It should be noted that multiple logical gateways are virtualized by VRF on the SD-WAN gateway device, and each logical gateway serves one tenant.
It should be noted that the two ends of a VRF instance in the SD-WAN gateway device are connected to the SD-WAN tunnel and the VLAN interface respectively, so that the SD-WAN tunnel and the VLAN interface of the same tenant are connected.
S210: Updating the routing tables of all VRF instances in the VRF instance library according to the exchange routing table.
Specifically, for the routing table of any VRF instance in the VRF instance library, the routing table of the VRF instance is compared with the exchange routing table to obtain a comparison result; if the comparison result shows a difference, the routing table of the VRF instance is updated according to the exchange routing table.
As can be seen from the above description, the present application updates the routing tables of all the VRF instances in the VRF instance library according to the exchange routing table, so as to implement the routing information exchange between the SD-WAN gateway device and the MPLS operator edge device of the same tenant, and further implement the interconnection and interworking between the SD-WAN gateway device and the MPLS operator edge device of the same tenant.
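The S201 to S210 procedure above, modelled as an added Python example (not code from the patent) that shows two tenants reusing the same address space without their traffic crossing. The class and function names, tunnel IDs, VLAN IDs and prefixes are constructed for illustration; the exchange routing table is assumed to be keyed by VLAN ID, and the check that a route may only point at the tenant's own tunnels is an added safeguard that the patent does not state.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Vrf:
    """One tenant's logical gateway: one VLAN interface, one private routing table."""
    name: str
    vlan_id: int
    routes: dict = field(default_factory=dict)  # ip_network -> SD-WAN tunnel id

    def lookup(self, dst_ip):
        """S207: longest-prefix match, searched in this tenant's table only."""
        addr = ipaddress.ip_address(dst_ip)
        hits = [net for net in self.routes if addr in net]
        if not hits:
            return None
        return self.routes[max(hits, key=lambda net: net.prefixlen)]


def parse_routes(routes, allowed_tunnels):
    """Parse {prefix: tunnel}; reject next hops outside the tenant's own tunnels.

    The ownership check is an added safeguard, not a step stated in the patent.
    """
    parsed = {}
    for prefix, tunnel in routes.items():
        if tunnel not in allowed_tunnels:
            raise ValueError(f"{prefix} -> {tunnel} leaves the tenant's slice")
        parsed[ipaddress.ip_network(prefix)] = tunnel
    return parsed


class Gateway:
    """SD-WAN gateway holding the VRF instance library (hypothetical model)."""

    def __init__(self):
        self.vrf_by_tunnel = {}  # tunnel id -> Vrf, used in S202
        self.vrf_by_vlan = {}    # VLAN id   -> Vrf, used in S206

    def add_tenant(self, name, vlan_id, tunnels, routes):
        # Enforce the one-VRF-per-VLAN and one-VRF-per-tunnel association.
        if vlan_id in self.vrf_by_vlan:
            raise ValueError(f"VLAN {vlan_id} is already bound to a VRF")
        taken = [t for t in tunnels if t in self.vrf_by_tunnel]
        if taken:
            raise ValueError(f"tunnels already bound to a VRF: {taken}")
        vrf = Vrf(name, vlan_id, parse_routes(routes, set(tunnels)))
        self.vrf_by_vlan[vlan_id] = vrf
        for t in tunnels:
            self.vrf_by_tunnel[t] = vrf

    def to_mpls(self, tunnel_id):
        """S202-S204: tunnel -> VRF -> VLAN interface facing the MPLS edge."""
        vrf = self.vrf_by_tunnel.get(tunnel_id)
        return None if vrf is None else vrf.vlan_id  # unknown tunnel: drop

    def to_sdwan(self, vlan_id, dst_ip):
        """S206-S208: VLAN -> VRF -> destination tunnel for dst_ip."""
        vrf = self.vrf_by_vlan.get(vlan_id)
        return None if vrf is None else vrf.lookup(dst_ip)  # no match: drop

    def apply_exchange_table(self, exchange):
        """S210: compare each VRF table with the exchange table, update on difference.

        `exchange` is assumed to be {vlan_id: {prefix: tunnel}}. Everything is
        validated before anything is written, so a bad entry changes nothing.
        """
        staged = {}
        for vlan_id, routes in exchange.items():
            vrf = self.vrf_by_vlan.get(vlan_id)
            if vrf is None:
                raise ValueError(f"no VRF instance for VLAN {vlan_id}")
            own = {t for t, v in self.vrf_by_tunnel.items() if v is vrf}
            staged[vlan_id] = parse_routes(routes, own)
        updated = []
        for vlan_id, new_routes in staged.items():
            vrf = self.vrf_by_vlan[vlan_id]
            if vrf.routes != new_routes:
                vrf.routes = new_routes
                updated.append(vrf.name)
        return updated


def build_demo():
    """Two constructed tenants that deliberately reuse the same 10.0.0.0/24 space."""
    gw = Gateway()
    gw.add_tenant("tenant-a", 100, ["tun-a1", "tun-a2"],
                  {"10.0.0.0/24": "tun-a1", "10.0.0.128/25": "tun-a2"})
    gw.add_tenant("tenant-b", 200, ["tun-b1"], {"10.0.0.0/24": "tun-b1"})
    return gw


if __name__ == "__main__":
    gw = build_demo()
    print(gw.to_mpls("tun-a1"), gw.to_mpls("tun-b1"))
    print(gw.to_sdwan(100, "10.0.0.200"), gw.to_sdwan(200, "10.0.0.200"))
    print(gw.apply_exchange_table({100: {"10.0.1.0/24": "tun-a2"}}))
```

Because the reverse lookup starts from the VLAN the frame arrived on, the same destination address resolves to a different tunnel per tenant, and a frame on an unbound VLAN or tunnel is dropped rather than routed through a shared table.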
Fig. 3 is a flowchart of a network data forwarding method according to another embodiment of the present application. The execution body of the embodiment may be the multi-protocol label switching carrier edge device 103 shown in fig. 1, or may be other computer devices, which is not particularly limited herein. As shown in fig. 3, the method includes:
S301: Receiving network data sent by an SD-WAN gateway device through a VLAN interface, wherein the network data is sent by any SD-WAN client device to the SD-WAN gateway device through a corresponding SD-WAN tunnel, the network data contains a destination IP address of that SD-WAN client device, each SD-WAN client device corresponds to one SD-WAN tunnel, the VLAN interface is obtained by the SD-WAN gateway device from a VRF instance, each VRF instance corresponds to one VLAN interface, and the VRF instance is obtained by the SD-WAN gateway device by querying a VRF instance library according to the SD-WAN tunnel.
The network data includes a source IP address, a destination IP address, protocol fields, and so on.
S302: Querying the VPN routing table for the VPN interface corresponding to the destination IP address.
Specifically, a lookup command is generated according to the destination IP address, and the lookup command is executed to query the VPN routing table and obtain the corresponding VPN interface.
S303: Sending the network data to the corresponding MPLS user edge device through the VPN interface.
From the above description, the present application obtains the corresponding VRF instance according to the SD-WAN tunnel, obtains the corresponding VLAN interface according to the VRF instance, and then sends network data to the MPLS operator edge device through the VLAN interface, and isolates an exclusive logical network slice for each tenant on the SD-WAN gateway device by using the association relationship among the SD-WAN tunnel, the VRF instance and the VLAN interface, thereby implementing the multi-tenant bearer function.
In one embodiment of the present application, the foregoing embodiment further includes a process of sending network data from the MPLS user edge device to the SD-WAN client terminal device, which is described in detail below:
S304: Receiving network data sent by any MPLS user edge device through a corresponding VPN interface, wherein the network data contains a destination IP address of that MPLS user edge device, and the VPN interface is obtained by the MPLS user edge device by querying the VPN routing table according to the destination IP address.
The network data includes a source IP address, a destination IP address, protocol fields, and so on.
S305: Querying the VLAN routing table according to the destination IP address to obtain a VLAN interface.
Specifically, a lookup command is generated according to the destination IP address, and the lookup command is executed to query the VLAN routing table and obtain the corresponding VLAN interface.
S306: Sending the network data to the SD-WAN gateway device through the VLAN interface, so that the SD-WAN gateway device queries the VRF instance library according to the VLAN interface to obtain the corresponding VRF instance, queries the routing table of the VRF instance for the destination SD-WAN tunnel corresponding to the destination IP address, and sends the network data to the destination SD-WAN user terminal through the destination SD-WAN tunnel.
From the above description, the present application obtains the corresponding VRF instance according to the SD-WAN tunnel, obtains the corresponding VLAN interface according to the VRF instance, and then sends network data to the MPLS operator edge device through the VLAN interface, and isolates an exclusive logical network slice for each tenant on the SD-WAN gateway device by using the association relationship among the SD-WAN tunnel, the VRF instance and the VLAN interface, thereby implementing the multi-tenant bearer function.
In one embodiment of the present application, based on the above embodiment, a process of exchanging routing information is further included, which is described in detail below:
S307: Receiving an exchange routing table sent by the management end, wherein the exchange routing table is generated by an operator of the management end using the Border Gateway Protocol (BGP) to exchange the routing information of the SD-WAN gateway device and the MPLS operator edge device.
S308: Updating the VLAN routing table according to the exchange routing table.
Specifically, the VLAN routing table is compared with the exchange routing table to obtain a comparison result; if the comparison result shows a difference, the VLAN routing table is updated according to the exchange routing table.
As can be seen from the above description, the present application updates the VLAN routing table according to the exchange routing table, so as to implement the routing information exchange between the SD-WAN gateway device and the MPLS operator edge device of the same tenant, and further implement the interconnection and interworking between the SD-WAN gateway device and the MPLS operator edge device of the same tenant.
Fig. 4 is an interactive flow diagram of a network data forwarding method according to an embodiment of the present application. The execution body of the embodiment may be the software defined wan gateway device 102 shown in fig. 1, or may be another computer device, which is not particularly limited herein. As shown in fig. 4, the method includes:
S401: Each SD-WAN client terminal device sends its network data to the SD-WAN gateway device through a corresponding SD-WAN tunnel, wherein each SD-WAN client terminal device corresponds to one SD-WAN tunnel, and each network data contains a destination Internet Protocol (IP) address of the corresponding SD-WAN client terminal device.
S402: For network data sent by any SD-WAN client terminal device, the SD-WAN gateway device queries the virtual routing and forwarding (VRF) instance library according to the SD-WAN tunnel to obtain the corresponding VRF instance.
S403: The SD-WAN gateway device obtains the corresponding virtual local area network (VLAN) interface according to the VRF instance, wherein each VRF instance corresponds to one VLAN interface.
S404: The SD-WAN gateway device sends the network data to the multiprotocol label switching (MPLS) operator edge device through the VLAN interface.
S405: The MPLS operator edge device queries the virtual private network (VPN) routing table for the VPN interface corresponding to the destination IP address.
S406: The MPLS operator edge device sends the network data to the corresponding MPLS user edge device through the VPN interface.
From the above description, the present application obtains the corresponding VRF instance according to the SD-WAN tunnel, obtains the corresponding VLAN interface according to the VRF instance, and then sends network data to the MPLS operator edge device through the VLAN interface, and isolates an exclusive logical network slice for each tenant on the SD-WAN gateway device by using the association relationship among the SD-WAN tunnel, the VRF instance and the VLAN interface, thereby implementing the multi-tenant bearer function.
Fig. 5 is an interactive flow chart of a network data forwarding method according to another embodiment of the present application. The execution body of the embodiment may be the multi-protocol label switching carrier edge device 103 shown in fig. 1, or may be other computer devices, which is not particularly limited herein. As shown in fig. 5, the method includes:
S501: Any MPLS user edge device queries the VPN routing table according to the destination IP address to obtain the corresponding VPN interface.
S502: The MPLS user edge device sends network data to the MPLS operator edge device through the corresponding VPN interface, wherein the network data contains the destination IP address.
S503: The MPLS operator edge device queries the VLAN routing table according to the destination IP address to obtain the corresponding VLAN interface.
S504: The MPLS operator edge device sends the network data to the SD-WAN gateway device through the corresponding VLAN interface.
S505: The SD-WAN gateway device queries the VRF instance library according to the corresponding VLAN interface to obtain the corresponding VRF instance.
S506: The SD-WAN gateway device queries the routing table of the VRF instance for the destination SD-WAN tunnel corresponding to the destination IP address.
S507: The SD-WAN gateway device sends the network data to the destination SD-WAN client terminal device through the destination SD-WAN tunnel.
From the above description, the present application obtains the corresponding VRF instance according to the SD-WAN tunnel, obtains the corresponding VLAN interface according to the VRF instance, and then sends the network data to the MPLS operator edge device through the VLAN interface. By using the association among the SD-WAN tunnel, the VRF instance and the VLAN interface, a dedicated logical network slice is isolated for each tenant on the SD-WAN gateway device, thereby implementing the multi-tenant bearer function.
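The two lookup chains above (S402 to S404 toward the MPLS side, S505 to S507 back toward the SD-WAN side) are modelled below as an added Python example that is not part of the patent text. Tenant names, tunnel and VLAN identifiers and prefixes are constructed; the model assumes that several tunnels of one tenant may share a VRF instance and that a failed lookup drops the packet instead of consulting another tenant's table.

```python
import ipaddress
from dataclasses import dataclass, field


class DropPacket(Exception):
    """A lookup failed; the packet is dropped, never routed via another tenant."""


@dataclass
class VrfInstance:
    name: str                 # constructed tenant label
    vlan_interface: str       # exactly one VLAN interface per VRF instance
    routes: dict = field(default_factory=dict)   # ip_network -> SD-WAN tunnel

    def add_route(self, prefix, tunnel):
        self.routes[ipaddress.ip_network(prefix)] = tunnel

    def lookup_tunnel(self, dst_ip):
        """Longest-prefix match inside this VRF's own routing table only (S506)."""
        addr = ipaddress.ip_address(dst_ip)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            raise DropPacket(f"{self.name}: no route to {dst_ip}")
        return self.routes[max(matches, key=lambda net: net.prefixlen)]


class SdwanGateway:
    def __init__(self):
        self.by_tunnel = {}   # VRF instance library indexed by SD-WAN tunnel
        self.by_vlan = {}     # the same library indexed by VLAN interface

    def add_vrf(self, vrf, tunnels):
        # Refuse any binding that would let two tenants share a tunnel or a VLAN.
        if vrf.vlan_interface in self.by_vlan:
            raise ValueError(f"{vrf.vlan_interface} already bound to a VRF")
        for tunnel in tunnels:
            if tunnel in self.by_tunnel:
                raise ValueError(f"{tunnel} already bound to a VRF")
        self.by_vlan[vrf.vlan_interface] = vrf
        for tunnel in tunnels:
            self.by_tunnel[tunnel] = vrf

    def to_mpls(self, ingress_tunnel, dst_ip):
        """S402-S404: the ingress tunnel alone selects the VRF, then its VLAN."""
        vrf = self.by_tunnel.get(ingress_tunnel)
        if vrf is None:
            raise DropPacket(f"unknown tunnel {ingress_tunnel}")
        return vrf.vlan_interface, dst_ip

    def from_mpls(self, ingress_vlan, dst_ip):
        """S505-S507: the ingress VLAN selects the VRF, then its routing table."""
        vrf = self.by_vlan.get(ingress_vlan)
        if vrf is None:
            raise DropPacket(f"unknown VLAN interface {ingress_vlan}")
        return vrf.lookup_tunnel(dst_ip)


def build_demo_gateway():
    """Two constructed tenants that deliberately reuse 10.1.0.0/16."""
    gw = SdwanGateway()
    tenant_a = VrfInstance("tenant-a", "vlan100")
    tenant_a.add_route("10.1.0.0/16", "tun-a1")
    tenant_a.add_route("10.1.2.0/24", "tun-a2")
    tenant_b = VrfInstance("tenant-b", "vlan200")
    tenant_b.add_route("10.1.0.0/16", "tun-b1")
    gw.add_vrf(tenant_a, ["tun-a1", "tun-a2"])
    gw.add_vrf(tenant_b, ["tun-b1"])
    return gw


if __name__ == "__main__":
    gw = build_demo_gateway()
    print(gw.to_mpls("tun-a1", "192.0.2.10"))    # leaves on tenant A's VLAN
    print(gw.from_mpls("vlan100", "10.1.2.5"))   # tenant A, more specific /24
    print(gw.from_mpls("vlan200", "10.1.2.5"))   # same address, tenant B's tunnel
```

The same destination address resolves to different tunnels depending only on the ingress VLAN, which is the isolation property to verify when auditing the tunnel, VRF and VLAN bindings on such a gateway.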
Fig. 6 is a schematic structural diagram of a network data forwarding device according to an embodiment of the present application. As shown in fig. 6, the network data forwarding apparatus 60 includes: a receiving module 601, a querying module 602, an obtaining module 603 and a sending module 604.
A receiving module 601, configured to receive the network data sent by each SD-WAN client terminal device through a corresponding SD-WAN tunnel, where each SD-WAN client terminal device corresponds to one SD-WAN tunnel and each piece of network data includes a destination Internet Protocol (IP) address of the corresponding SD-WAN client terminal device;
A query module 602, configured to query, for network data sent by any SD-WAN client terminal device, a virtual route forwarding (VRF) instance library according to the SD-WAN tunnel, so as to obtain a corresponding VRF instance;
An obtaining module 603, configured to obtain a corresponding VLAN interface according to the VRF instance, where each VRF instance corresponds to one VLAN interface;
A sending module 604, configured to send the network data to a multiprotocol label switching (MPLS) operator edge device through the VLAN interface, so that the MPLS operator edge device queries a virtual private network (VPN) routing table for the VPN interface corresponding to the destination IP address and sends the network data to the corresponding MPLS user edge device through the VPN interface.
In one possible design, the network data forwarding device 60 further includes:
A data forwarding module 605, configured to: receive network data sent by an MPLS operator edge device through a corresponding VLAN interface, where the network data is sent by any MPLS user edge device to the MPLS operator edge device through a corresponding VPN interface, the network data includes a destination IP address of the any MPLS user edge device, the corresponding VLAN interface is obtained by the MPLS operator edge device querying a VLAN routing table according to the destination IP address, and the VPN interface is obtained by the MPLS user edge device querying the VPN routing table according to the destination IP address; query the VRF instance library according to the corresponding VLAN interface to obtain a corresponding VRF instance; query a destination SD-WAN tunnel corresponding to the destination IP address in a routing table of the VRF instance; and send the network data to the destination SD-WAN client terminal device through the destination SD-WAN tunnel.
In one possible design, the network data forwarding device 60 further includes:
An updating module 606, configured to: receive an exchange routing table sent by a management end, where the exchange routing table is generated by an operator of the management end applying the Border Gateway Protocol (BGP) to exchange routing information of the SD-WAN gateway device and the MPLS operator edge device; and update the routing tables of all VRF instances in the VRF instance library according to the exchange routing table.
The device provided in this embodiment may be used to implement the technical solution of the foregoing method embodiment. Its implementation principle and technical effects are similar and are not described again here.
Fig. 7 is a schematic structural diagram of another network data forwarding device according to an embodiment of the present application. As shown in fig. 6, the network data forwarding apparatus 70 includes: a receiving module 701, a querying module 702 and a sending module 703.
A receiving module 701, configured to receive network data sent by an SD-WAN gateway device through a VLAN interface, where the network data is sent by any SD-WAN client device to the SD-WAN gateway device through a corresponding SD-WAN tunnel, the network data includes a destination IP address of the any SD-WAN client device, each SD-WAN client device corresponds to one SD-WAN tunnel, the VLAN interface is acquired by the SD-WAN gateway device through a VRF instance, each VRF instance corresponds to one VLAN interface, and the VRF instance is acquired by the SD-WAN gateway device by querying a VRF instance library according to the SD-WAN tunnel;
A query module 702, configured to query, in a VPN routing table, a VPN interface corresponding to the destination IP address;
A sending module 703, configured to send the network data to a corresponding MPLS user edge device through the VPN interface.
In one possible design, the network data forwarding device 70 further includes:
A data forwarding module 704, configured to: receive network data sent by any MPLS user edge device through a corresponding VPN interface, where the network data includes a destination IP address of the any MPLS user edge device and the VPN interface is obtained by the MPLS user edge device querying the VPN routing table according to the destination IP address; query a VLAN routing table according to the destination IP address to obtain a VLAN interface; and send the network data to an SD-WAN gateway device through the VLAN interface, so that the SD-WAN gateway device queries the VRF instance library according to the VLAN interface to obtain a corresponding VRF instance, queries a destination SD-WAN tunnel corresponding to the destination IP address in a routing table of the VRF instance, and sends the network data to a destination SD-WAN user terminal through the destination SD-WAN tunnel.
In one possible design, the network data forwarding device 70 further includes:
An updating module 705, configured to: receive an exchange routing table sent by a management end, where the exchange routing table is generated by an operator of the management end applying the Border Gateway Protocol (BGP) to exchange routing information of the SD-WAN gateway device and the MPLS operator edge device; and update the VLAN routing table according to the exchange routing table.
The device provided in this embodiment may be used to implement the technical solution of the foregoing method embodiment. Its implementation principle and technical effects are similar and are not described again here.
Fig. 8 is a schematic hardware structure diagram of a network device according to an embodiment of the present application. As shown in fig. 8, the network device 80 of the present embodiment includes: at least one processor 801 and a memory 802. The memory stores computer-executable instructions, and the at least one processor executes the computer-executable instructions stored in the memory, causing the at least one processor to perform the network data forwarding method described above.
Optionally, the memory 802 may be separate from or integrated with the processor 801.
When the memory 802 is provided separately, the network device further comprises a bus 803 for connecting said memory 802 and the processor 801.
The embodiment of the application also provides a computer readable storage medium, wherein computer execution instructions are stored in the computer readable storage medium, and when a processor executes the computer execution instructions, the network data forwarding method is realized.
Embodiments of the present application also provide a computer program product comprising a computer program which, when executed by a processor, implements a network data forwarding method as described above.
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all alternative embodiments, and that the acts and modules referred to are not necessarily required in the present application.
It should be further noted that, although the steps in the flowchart are sequentially shown as indicated by arrows, the steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least a portion of the steps in the flowcharts may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order in which the sub-steps or stages are performed is not necessarily sequential, and may be performed in turn or alternately with at least a portion of the sub-steps or stages of other steps or other steps.
It should be understood that the above-described device embodiments are merely illustrative, and that the device of the present application may be implemented in other ways. For example, the division of the units/modules in the above embodiments is merely a logic function division, and there may be another division manner in actual implementation. For example, multiple units, modules, or components may be combined, or may be integrated into another system, or some features may be omitted or not performed.
In addition, each functional unit/module in each embodiment of the present application may be integrated into one unit/module, or each unit/module may exist alone physically, or two or more units/modules may be integrated together, unless otherwise specified. The integrated units/modules described above may be implemented either in hardware or in software program modules.
The integrated units/modules, if implemented in hardware, may be digital circuits, analog circuits, etc. Physical implementations of hardware structures include, but are not limited to, transistors, memristors, and the like. The processor may be any suitable hardware processor, such as CPU, GPU, FPGA, DSP and ASIC, etc., unless otherwise specified. Unless otherwise indicated, the storage elements may be any suitable magnetic or magneto-optical storage medium, such as resistive Random Access Memory RRAM (Resistive Random Access Memory), dynamic Random Access Memory DRAM (Dynamic Random Access Memory), static Random Access Memory SRAM (Static Random-Access Memory), enhanced dynamic Random Access Memory EDRAM (Enhanced Dynamic Random Access Memory), high-Bandwidth Memory HBM (High-Bandwidth Memory), hybrid Memory cube HMC (Hybrid Memory Cube), etc.
The integrated units/modules may be stored in a computer readable memory if implemented in the form of software program modules and sold or used as a stand-alone product. Based on such understanding, the technical solution of the present application, in essence, or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a memory, including several instructions for causing a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present application. The aforementioned memory includes: a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other media capable of storing program code.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to related descriptions of other embodiments. The technical features of the foregoing embodiments may be arbitrarily combined, and for brevity, all of the possible combinations of the technical features of the foregoing embodiments are not described, however, all of the combinations of the technical features should be considered as being within the scope of the disclosure.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the present application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (10)

1. A network data forwarding method, applied to a software defined wide area network SD-WAN gateway device, comprising:
receiving network data sent by each SD-WAN client terminal device through a corresponding SD-WAN tunnel, wherein each SD-WAN client terminal device corresponds to one SD-WAN tunnel, and wherein each piece of network data comprises a destination Internet Protocol (IP) address of the corresponding SD-WAN client terminal device;
for network data sent by any SD-WAN client terminal device, querying a virtual route forwarding (VRF) instance library according to the SD-WAN tunnel so as to obtain a corresponding VRF instance;
obtaining a corresponding virtual local area network (VLAN) interface according to the VRF instance, wherein each VRF instance corresponds to one VLAN interface;
and transmitting the network data to a multiprotocol label switching (MPLS) operator edge device through the VLAN interface, so that the MPLS operator edge device queries a VPN interface corresponding to the destination IP address in a virtual private network (VPN) routing table, and transmits the network data to the corresponding MPLS user edge device through the VPN interface.
2. The method as recited in claim 1, further comprising:
receiving network data sent by an MPLS operator edge device through a corresponding VLAN interface, wherein the network data is sent to the MPLS operator edge device by any MPLS user edge device through a corresponding VPN interface, wherein the network data comprises a destination IP address of the any MPLS user edge device, wherein the corresponding VLAN interface is obtained by the MPLS operator edge device querying a VLAN routing table according to the destination IP address, and wherein the VPN interface is obtained by the MPLS user edge device querying the VPN routing table according to the destination IP address;
querying the VRF instance library according to the corresponding VLAN interface to obtain a corresponding VRF instance;
querying a destination SD-WAN tunnel corresponding to the destination IP address in a routing table of the VRF instance;
and sending the network data to the destination SD-WAN client terminal equipment through the destination SD-WAN tunnel.
3. The method according to claim 1 or 2, further comprising:
receiving an exchange routing table sent by a management end, wherein the exchange routing table is generated by an operator of the management end exchanging routing information of the SD-WAN gateway equipment and the MPLS operator edge equipment by applying a border gateway protocol BGP;
and updating the routing tables of all VRF instances in the VRF instance library according to the exchange routing table.
4. A network data forwarding method, applied to MPLS operator edge devices, comprising:
receiving network data sent by an SD-WAN gateway device through a VLAN interface, where the network data is sent by any SD-WAN client terminal device to the SD-WAN gateway device through a corresponding SD-WAN tunnel, where the network data includes a destination IP address of the any SD-WAN client terminal device, where each SD-WAN client terminal device corresponds to one SD-WAN tunnel, where the VLAN interface is acquired by the SD-WAN gateway device through a VRF instance, where each VRF instance corresponds to one VLAN interface, where the VRF instance is acquired by the SD-WAN gateway device according to the SD-WAN tunnel querying a VRF instance library;
querying a VPN interface corresponding to the destination IP address in a VPN routing table;
and sending the network data to the corresponding MPLS user edge equipment through the VPN interface.
5. The method as recited in claim 4, further comprising:
receiving network data sent by any MPLS user edge device through a corresponding VPN interface, wherein the network data comprises a destination IP address of the any MPLS user edge device, and the VPN interface is obtained by the MPLS user edge device querying the VPN routing table according to the destination IP address;
inquiring a VLAN routing table according to the destination IP address to obtain a VLAN interface;
and sending the network data to an SD-WAN gateway device according to the VLAN interface, so that the SD-WAN gateway device queries the VRF instance library according to the VLAN interface to obtain a corresponding VRF instance, and queries a destination SD-WAN tunnel corresponding to the destination IP address in a routing table of the VRF instance, and sends the network data to a destination SD-WAN user terminal through the destination SD-WAN tunnel.
6. The method according to claim 4 or 5, further comprising:
receiving an exchange routing table sent by a management end, wherein the exchange routing table is generated by an operator of the management end exchanging routing information of the SD-WAN gateway equipment and the MPLS operator edge equipment by applying a border gateway protocol BGP;
and updating the VLAN routing table according to the exchange routing table.
7. A network data forwarding apparatus for use with a software defined wide area network SD-WAN gateway device, comprising:
a receiving module, configured to receive the network data sent by each SD-WAN client terminal device through a corresponding SD-WAN tunnel, wherein each SD-WAN client terminal device corresponds to one SD-WAN tunnel, and wherein each piece of network data comprises a destination Internet Protocol (IP) address of the corresponding SD-WAN client terminal device;
a query module, configured to query, for network data sent by any SD-WAN client terminal device, a virtual route forwarding (VRF) instance library according to the SD-WAN tunnel so as to obtain a corresponding VRF instance;
an acquisition module, configured to acquire a corresponding virtual local area network (VLAN) interface according to the VRF instance, wherein each VRF instance corresponds to one VLAN interface;
and a sending module, configured to send the network data to a multiprotocol label switching (MPLS) operator edge device through the VLAN interface, so that the MPLS operator edge device queries a VPN interface corresponding to the destination IP address in a virtual private network (VPN) routing table, and sends the network data to the corresponding MPLS user edge device through the VPN interface.
8. A network data forwarding device, applied to MPLS operator edge devices, comprising:
a receiving module, configured to receive network data sent by an SD-WAN gateway device through a VLAN interface, where the network data is sent by any SD-WAN client device to the SD-WAN gateway device through a corresponding SD-WAN tunnel, where the network data includes a destination IP address of the any SD-WAN client device, where each SD-WAN client device corresponds to one SD-WAN tunnel, where the VLAN interface is acquired by the SD-WAN gateway device through a VRF instance, where each VRF instance corresponds to one VLAN interface, where the VRF instance is acquired by the SD-WAN gateway device according to the SD-WAN tunnel querying a VRF instance library;
a query module, configured to query a VPN routing table for the VPN interface corresponding to the destination IP address;
and a sending module, configured to send the network data to the corresponding MPLS user edge device through the VPN interface.
9. A network device, comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes the computer-executable instructions stored by the memory to implement the network data forwarding method of any one of claims 1 to 3, or the network data forwarding method of any one of claims 4 to 6.
10. A computer readable storage medium, wherein computer executable instructions are stored in the computer readable storage medium, which when executed by a processor is configured to implement the network data forwarding method according to any one of claims 1 to 3, or the network data forwarding method according to any one of claims 4 to 6.
CN202311764508.4A 2023-12-20 2023-12-20 Network data forwarding method, device, equipment and storage medium Pending CN117749741A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311764508.4A CN117749741A (en) 2023-12-20 2023-12-20 Network data forwarding method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117749741A true CN117749741A (en) 2024-03-22

Family

ID=90254219

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311764508.4A Pending CN117749741A (en) 2023-12-20 2023-12-20 Network data forwarding method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117749741A (en)

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination