WO2010139238A1 - Method and device for implementing mac-forced forwarding - Google Patents


Publication number
WO2010139238A1
Authority
WO
WIPO (PCT)
Prior art keywords
address
gateway
user
resolution protocol
sender
Prior art date
Application number
PCT/CN2010/072924
Other languages
French (fr)
Chinese (zh)
Inventor
王金
曹皖明
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2010139238A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]

Definitions

  • the present invention relates to the field of Ethernet data communications, and in particular, to a method and apparatus for implementing a MAC-Forced Forwarding (MFF) function.
  • MFF MAC-Forced Forwarding
  • a common method of user isolation is to divide a virtual local area network (VLAN) on an access device.
  • VLAN virtual local area network
  • IP Internet Protocol
  • RFC4562 "MAC-Forced Forwarding: A Method for Subscriber Separation on an Ethernet Access Network" proposes a solution.
  • the access device intercepts the user's address resolution protocol (ARP) request and, through the ARP proxy-reply mechanism, replies with an ARP reply message carrying the Media Access Control (MAC) address of the gateway.
  • ARP address resolution protocol
  • MAC Media Access Control
  • RFC4562 has the following disadvantages: (1) it does not describe how, in an environment with statically configured IP addresses, an Ethernet access node (EAN) automatically obtains a user's IP address, MAC address, virtual local area network (VLAN), and corresponding access router (AR); (2) the EAN directly forwards ARP request packets sent by the AR.
  • the object of the present invention is to provide a method and apparatus for implementing a mandatory MAC forwarding function, to solve the prior-art problems that the correspondence between the user and the gateway cannot be obtained automatically when IP addresses are statically configured, and that ARP broadcast messages on the network cannot be reduced to the greatest extent.
  • the method for implementing the mandatory MAC forwarding function includes the following steps:
  • the user and gateway correspondence library is queried according to the sender IP address in the address resolution protocol request, and the IP address of the gateway corresponding to the sender IP address and the MAC address of the gateway are obtained;
  • connection attribute of the physical interface that receives the address resolution protocol request message is a gateway connection
  • the user and gateway correspondence library is pre-established by the following process:
  • the sender IP address and the sender header in the address resolution protocol request message or response message are obtained to create an address resolution protocol entry; the IP address of the gateway configured in the VLAN is determined according to the VLAN identifier in the address resolution protocol request packet or response packet; the sender IP address is determined to be different from the IP address of the gateway; and the address resolution protocol entry is associated with the IP address of the gateway to establish the user and gateway correspondence library.
  • the method further includes:
  • the obtaining the MAC address corresponding to the IP address of the gateway is specifically: querying the address resolution protocol entry according to the IP address of the gateway to obtain the MAC address of the gateway.
  • the IP address and the MAC address of the gateway are respectively used as the sender IP address and the sender header of the address resolution protocol response message to be constructed; the sender IP address and the sender header in the address resolution protocol request message are used as the destination IP address and destination header of the address resolution protocol response message to be constructed; and the constructed address resolution protocol response message is sent.
  • the method further includes: determining that the sender address in the address resolution protocol request message is an IP address of the gateway, and the destination IP address is the user IP address.
  • obtaining the IP address of the user and the MAC address of the user is specifically: the destination IP address is the user IP address, and the MAC address of the user is queried in the user and gateway correspondence library according to the IP address of the user.
  • constructing and sending the address resolution protocol response according to the user's IP address and MAC address and the address resolution protocol request includes: using the user's IP address and MAC address as the sender IP address and sender header of the address resolution protocol response message to be constructed; using the sender IP address and the sender header in the address resolution protocol request as the destination IP address and destination header of the address resolution protocol response message to be constructed; and sending the constructed address resolution protocol response message.
  • the IP address and the MAC address of the gateway are respectively used as the sender IP address and sender header of the address resolution protocol request message to be constructed, and the destination IP address is used as the destination IP address of the address resolution protocol request message to be constructed; the address resolution protocol request message is constructed in this way to trigger learning of the user and gateway correspondence library.
  • the IP address and the MAC address of the gateway are respectively used as the sender IP address and sender header of the address resolution protocol request message to be constructed, and the sender IP address is used as the destination IP address of the address resolution protocol request message to be constructed; the address resolution protocol request message is constructed in this way to trigger learning of the user and gateway correspondence library.
  • connection properties of the physical interface are set through a user interface.
  • the device for implementing the mandatory MAC forwarding function provided by the present invention includes:
  • a packet processing module configured to: forward the address resolution protocol request packet received by the physical interface of the access node;
  • An address resolution protocol proxy module, connected to the packet processing module and configured to: after determining that the connection attribute of the physical interface that receives the address resolution protocol request packet is a user connection, query the user and gateway correspondence library according to the sender IP address in the address resolution protocol request, obtain the IP address of the gateway corresponding to the sender IP address and the MAC address corresponding to the IP address of the gateway, and construct and send an address resolution protocol response message according to the IP address and MAC address of the gateway and the address resolution protocol request message; or, after determining that the connection attribute of the physical interface receiving the address resolution protocol request message is a gateway connection, query the user and gateway correspondence library according to the destination IP address in the address resolution protocol request message, obtain the IP address of the user and the MAC address corresponding to the IP address of the user, and construct and send according to the
  • the device for implementing the mandatory MAC forwarding function further includes: a forced MAC forwarding learning module, configured to: after receiving the address resolution protocol request message or response message, obtain the sender IP address and the sender header in the address resolution protocol request message or response message to create an address resolution protocol entry; search for the IP address of the gateway configured in the VLAN according to the VLAN identifier in the address resolution protocol request packet or response packet; determine that the sender IP address and the IP address of the gateway are different; and associate the address resolution protocol entry and the IP address of the gateway to establish the user and gateway correspondence library.
  • the method and the device for implementing the mandatory MAC forwarding function of the present invention automatically acquire the user-to-gateway correspondence required to implement the MFF function by intercepting and analyzing ARP packets.
  • the EAN does not forward the gateway's ARP request packet; instead, the access device directly responds with an ARP reply packet carrying the user's MAC address, which can reduce the number of ARP broadcast packets on the network.
  • FIG. 1 is a block diagram of a device for implementing a forced MAC forwarding function according to the present invention
  • FIG. 2 is a learning process of a correspondence between a user and a gateway according to the present invention
  • FIG. 3 is a flowchart of Embodiment 1 of a method for implementing a mandatory MAC forwarding function according to the present invention
  • FIG. 4 is a content of a record of an ARP entry according to the present invention
  • FIG. 5 is a schematic diagram of a user and gateway correspondence library according to the present invention.
  • FIG. 6 is a flowchart of Embodiment 2 of a method for implementing a mandatory MAC forwarding function according to the present invention.
  • Detailed description
  • FIG. 1 is a block diagram of a device for implementing a forced MAC forwarding function.
  • the device does not forward the ARP request packet but responds to it instead, thereby reducing ARP broadcast packets in the network.
  • the device includes:
  • the packet processing module 10 is configured to determine that the address resolution protocol request packet received on the physical interface of the access node is not forwarded, but is forwarded;
  • An address resolution protocol (ARP) proxy module 20 is connected to the packet processing module 10, and is configured to: after determining that the connection attribute of the physical interface that receives the ARP request packet is a user connection, query the user and gateway correspondence library 50 according to the sender IP address in the ARP request packet, and obtain the IP address of the gateway corresponding to the sender IP address and the MAC address corresponding to the IP address of the gateway; according to the IP address and MAC address of the gateway and the ARP request
  • the apparatus for implementing the mandatory MAC forwarding function further includes:
  • the mandatory MAC forwarding learning module 30 is configured to: after obtaining an ARP request packet or response packet, obtain the sender IP address and sender header of the ARP request packet or response packet to create an address resolution protocol entry; search for the IP address of the gateway configured in the VLAN according to the VLAN identifier in the ARP request packet or response packet; determine that the IP address of the sender and the IP address of the gateway are different; and associate the address resolution protocol entry and the IP address of the gateway to establish the user and gateway correspondence library 50.
  • the forced MAC forwarding learning module 30 performs a learning process on all ARP request messages at any time to establish a user and gateway correspondence library.
  • the address resolution protocol proxy module also has the following functions, which trigger learning of the user and gateway correspondence library.
  • when the IP address of the sender in the ARP request packet is not found (that is, the user and gateway correspondence library holds no record indexed by that sender IP address as the user IP address), the address resolution protocol proxy module constructs a new ARP request message to trigger learning of the user and gateway correspondence library. The IP address and MAC address of the gateway are respectively used as the sender IP address and sender header of the ARP request packet to be constructed, and the IP address of the sender of the original ARP request packet is used as the destination IP address of the ARP request packet to be constructed. The ARP request packet is constructed in this way.
  • the address resolution protocol proxy module will also construct a new ARP request packet to trigger learning of the user and gateway correspondence library. The IP address and MAC address of the gateway are respectively used as the sender IP address and sender header of the ARP request packet to be constructed, and the destination IP address of the original ARP packet is used as the destination IP address of the ARP request packet to be constructed. The ARP request message is constructed in this way to trigger learning of the user and gateway correspondence library. The constructed request message will be broadcast in the VLAN and will not be learned. Subsequent learning is performed based on the received ARP response message from the user.
  • the address resolution protocol proxy module 20 and the forced MAC forwarding learning module 30 may be included in one module, namely the address resolution protocol module 60.
  • the apparatus for implementing the mandatory MAC forwarding function may further include a user interface 70, through which the network administrator can set whether the connection attribute of a physical interface is a user connection or a gateway connection, configure the IP address of the gateway under a VLAN, and view the user and gateway correspondence library 50.
  • the device for implementing the forced MAC forwarding function further includes a user and gateway correspondence library organization and maintenance module 40, connected with the mandatory MAC forwarding learning module 30 and the ARP proxy module 20, which organizes the user information (IP address, MAC address, and VLAN ID) and the IP address of the corresponding gateway into a table and provides interfaces for adding, deleting, updating, and querying entries.
  • the device that implements the forced MAC forwarding function is placed on an access node (Access Node, AN) between the customer premises network and the tandem network.
  • AN access Node
  • the network administrator statically specifies through the user interface whether the connection attribute of a physical interface is a gateway connection or a user connection. Therefore, when the AN receives an ARP request packet, it can query the attribute of the physical interface that received the packet and determine whether that interface is connected to a user or to a gateway, and thereby whether the ARP request packet was sent from a user or from a gateway.
  • the user and gateway correspondence library is obtained through the learning mechanism, which solves the prior-art problem that the correspondence between the user and the gateway cannot be obtained automatically.
  • the mandatory MAC forwarding learning module 30 in the mandatory MAC forwarding function device queries the IP address of the corresponding gateway according to the VLAN identifier of the ARP packet (for example, the ARP request packet and the ARP response packet); there is only one gateway in each VLAN, configured by the network administrator. Then, the user information (user IP address, MAC address, and VLAN ID) recorded by the ARP entry is associated with the gateway and added to the user and gateway correspondence library.
  • the ARP entry is created as follows: the mandatory MAC forwarding learning module parses the sender IP address and the sender header (sender MAC address) from the ARP request message or response message, then creates the ARP entry and adds it to the ARP cache. The created ARP entry includes the sender IP address, the sender MAC address, and the VLAN identifier.
  • the forced MAC forwarding learning module completes the automatic learning and creation of the correspondence between the user and the gateway.
  • the ARP entry is added to the cache.
  • the ARP entry includes the sender (user or gateway) MAC address, the sender (user or gateway) IP address, and the VLAN ID.
  • the contents of the record of the ARP entry are shown in Figure 4.
  • the user and gateway correspondence library is a data table indexed by the user IP address; the data table includes the user IP address, the user MAC address, the VLAN identifier, and the IP address of the VLAN-related gateway. The table is used to look up, with the user IP address as index, the IP address of the gateway configured in the VLAN to which the user belongs; the MAC address of the gateway is then obtained by fetching the ARP entry corresponding to the gateway from the cache according to the IP address of the gateway.
  • a schematic diagram of the user and gateway correspondence library is shown in FIG. 5.
  • the following is the learning process of the correspondence between the user and the gateway of the present invention. As shown in FIG. 2, the process includes the following steps; for the user and gateway correspondence library, refer to the schematic diagram in FIG. 5. The interface connecting the user and the interface connecting the gateway send all received ARP packets (including requests and responses) to the address resolution protocol proxy module for processing.
  • Step 201 After receiving the address resolution protocol request message or response message, obtain the sender IP address and the sender header (i.e., the sender MAC address) in the request message or response message to create an ARP entry to be added.
  • the user information recorded by the ARP entry comprises the sender's IP address, MAC address, and VLAN ID (the ARP entry may belong to the gateway or to a user).
  • Step 202 Look up the IP address of the gateway configured in the VLAN according to the VLAN identifier in the address resolution protocol request packet or response packet;
  • Step 203 Determine that the sender IP address is different from the IP address of the gateway, to rule out the case where the sender is the gateway configured in the VLAN.
  • Step 204 Associate the address resolution protocol entry and the IP address of the gateway to establish a user and gateway correspondence database.
  • the user's IP address, MAC address and VLAN ID and the IP address of the corresponding gateway are organized into a single table, with an interface for adding, deleting, updating, and querying the entries, and are thereby added to the user and gateway correspondence library.
  • FIG. 3 is a flowchart of Embodiment 1 of a method for implementing a mandatory MAC forwarding function according to the present invention.
  • the network administrator statically specifies through the user interface whether the physical receiving interface is connected to the gateway or to a user; here, for example, the receiving interface is specified as connected to a user. It is therefore assumed that the packet received on the physical interface of the AN in the first embodiment is an Address Resolution Protocol (ARP) request packet and that the physical interface attribute is user connection. That is, the device first examines the received packet and does not forward the ARP request packet, but performs the process of implementing the mandatory MAC forwarding function.
  • ARP Address Resolution Protocol Request
  • Step 301 Determine that the currently received packet is an ARP request packet.
  • Step 302 Determine that the attribute of the physical interface that receives the ARP request packet is set to be the connected user (that is, the user host).
  • Step 303 Determine whether the destination IP address in the ARP request packet is a gateway.
  • (the gateway refers to the VLAN gateway: the IP address of the gateway configured in the VLAN is looked up according to the VLAN identifier, and the destination IP address is compared with the IP address of the gateway associated with the VLAN; if they match, the destination is judged to be the gateway, otherwise it is judged to be a user);
  • Step 304 If the destination IP address is not the gateway address but the user IP address, query the user and the gateway correspondence database to confirm that the destination user is online (whether there is a record); If you are on the line, you will not pick up the traffic to block the traffic and prevent the gateway from being attacked.
  • Step 305 Query the user and the gateway correspondence database according to the sender IP address in the ARP request, and obtain the IP address of the VLAN-related gateway corresponding to the sender IP address (that is, the IP address of the user connected to the physical interface);
  • (the sender IP address is looked up in the column indexed by the user IP address; the record with the same IP is found, and from it the IP address of the gateway);
  • Step 306 Query an ARP cache according to the IP address of the gateway, and obtain a MAC address corresponding to the IP address from the ARP entry.
  • Step 307 Construct and send an ARP response packet according to the IP address and the MAC address of the gateway and the ARP request, and the step includes:
  • Step 3071 The IP address and the MAC address of the gateway are respectively used as the sender IP address and the sender header of the ARP reply message to be constructed;
  • Step 3072 The sender IP address and the sender header in the ARP request message are used as the destination IP address and destination header of the ARP response message to be constructed;
  • Step 3073 Send the constructed ARP response packet to the user.
  • if in step 303 the destination IP address of the ARP request packet is the IP address of the gateway associated with the VLAN, then, as shown in FIG. 3, steps 305 to 307 are executed directly after step 303.
  • the address resolution protocol proxy module will construct a new ARP request message to trigger learning of the user and gateway correspondence library. The IP address and MAC address of the gateway are respectively used as the sender IP address and sender header of the ARP request packet to be constructed, and the IP address of the sender of the original ARP request packet is used as the destination IP address of the ARP request packet to be constructed. The new ARP request message is constructed in this way to trigger learning of the user and gateway correspondence library.
  • the address resolution protocol proxy module will also construct a new ARP request message to trigger learning of the user and gateway correspondence library. The IP address and the MAC address of the gateway are respectively used as the sender IP address and sender header of the ARP request packet to be constructed, and the destination IP address of the original ARP packet is used as the destination IP address of the ARP request packet to be constructed. The new ARP request message is constructed in this way to trigger learning of the user and gateway correspondence library.
  • the constructed request message will be broadcast in the VLAN and will not be learned. Subsequent learning is performed based on the received ARP response message from the user.
  • FIG. 6 is a flow chart of Embodiment 2 of a method for implementing a forced MAC forwarding function according to the present invention.
  • the network administrator statically specifies through the user interface whether the physical receiving interface is connected to the gateway or to a user; here, for example, the receiving interface is specified as connected to the gateway. It is therefore assumed that the message received on the physical interface of the AN in the first embodiment is an Address Resolution Protocol (ARP) request message and that the physical interface attribute is gateway connection. That is, the device first examines the received packet and does not forward the ARP request packet from the gateway, but performs the process of implementing the mandatory MAC forwarding function.
  • ARP Address Resolution Protocol Request
  • the physical receiving interface is connected to the gateway.
  • the process of implementing the MAC function forwarding method includes the following steps:
  • Step 601 Determine that the currently received packet is an ARP request packet.
  • Step 602 Determine that the attribute of the physical interface that receives the ARP request message is set to be the connection gateway.
  • Step 603 Determine whether the IP address of the sender in the ARP request message is the IP address of the gateway configured in the VLAN. The IP address of the gateway is found by looking up the gateway configured in the VLAN according to the VLAN identifier.
  • Step 604 If not, discard the ARP request packet.
  • Step 605 If yes, determine whether the destination address of the ARP request packet is the IP address of the gateway configured in the VLAN.
  • Step 606 If yes, discard the ARP request packet.
  • Step 607 If not, query the user and the gateway correspondence database according to the destination IP address in the ARP request packet (the destination IP address is the user IP address), and obtain the IP address of the user and the MAC address of the user;
  • (the user and gateway correspondence library is queried with the IP address of the user to obtain the MAC address of the user);
  • Step 608 Construct and send an ARP response packet according to the IP address and the MAC address of the user and the ARP request, and the step includes:
  • Step 6081 The IP address and the MAC address of the user are respectively used as the sender IP address and the sender header of the ARP reply message to be constructed;
  • Step 6082 The sender IP address and the sender header in the ARP request message are used as the destination IP address and destination header of the ARP response message to be constructed;
  • Step 6083 Send the constructed ARP reply packet to the gateway, where the gateway is also a gateway configured in the VLAN.
  • with the method for implementing the mandatory MAC forwarding function of the present invention, after the AN receives an ARP request packet it does not forward the packet but responds directly, and the automatic learning mechanism it establishes for the user-to-gateway relationship obtains the correspondence between the user and the gateway automatically, thus reducing the number of ARP broadcast packets on the network.
  • the learning mechanism may be triggered by establishing a new ARP request message, and the trigger may be used to query the user and the gateway correspondence database during the entire proxy-reply process, when in the relational library.
  • a new ARP request can be established to trigger the learning mechanism.
  • the invention implements ARP proxy reply: on receiving a user's ARP request message it responds with the gateway's MAC address, and on receiving the gateway's ARP request message it responds with the user's MAC address.
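
The learning steps 201 to 204 and the two proxy-reply flows (steps 301 to 307 on a user-facing interface, steps 601 to 608 on a gateway-facing interface) can be followed in code. This is an added Python example, not code from the patent or its applicant; the class, field and action names and all addresses are constructed for illustration. It assumes that step 304 means no proxy reply is sent when the destination user has no record, and it returns no packet when the gateway's MAC address is not yet cached, a case the text does not cover.

```python
from dataclasses import dataclass

USER, GATEWAY = "user", "gateway"   # connection attribute of a physical interface
ZERO_MAC = "00:00:00:00:00:00"


@dataclass(frozen=True)
class Arp:
    op: str                  # "request" or "reply"
    vlan: int
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str = ZERO_MAC


class AccessNode:
    def __init__(self, port_attr, vlan_gateway):
        self.port_attr = port_attr        # port -> USER or GATEWAY (set by the administrator)
        self.vlan_gateway = vlan_gateway  # VLAN ID -> gateway IP (one gateway per VLAN)
        self.arp_cache = {}               # (VLAN ID, IP) -> MAC
        self.users = {}                   # user IP -> (user MAC, VLAN ID, gateway IP)

    def learn(self, pkt):
        """Steps 201-204, applied to every ARP request or reply received."""
        self.arp_cache[(pkt.vlan, pkt.sender_ip)] = pkt.sender_mac          # 201
        gw_ip = self.vlan_gateway.get(pkt.vlan)                             # 202
        if gw_ip is not None and pkt.sender_ip != gw_ip:                    # 203
            self.users[pkt.sender_ip] = (pkt.sender_mac, pkt.vlan, gw_ip)   # 204

    def _probe(self, vlan, ip):
        """Constructed request, gateway as sender, that triggers learning of `ip`."""
        gw_ip = self.vlan_gateway.get(vlan)
        gw_mac = self.arp_cache.get((vlan, gw_ip))
        if gw_mac is None:
            return ("none", None)         # assumption: case not covered by the text
        return ("probe", Arp("request", vlan, gw_ip, gw_mac, ip))

    def proxy(self, port, req):
        """Return (action, packet); action is "reply", "probe", "drop" or "none"."""
        if req.op != "request":                                  # 301 / 601
            return ("none", None)
        gw_ip = self.vlan_gateway.get(req.vlan)
        if self.port_attr[port] == USER:                         # 302
            if req.target_ip != gw_ip and req.target_ip not in self.users:
                return ("none", None)                            # 303-304 (assumed reading)
            rec = self.users.get(req.sender_ip)                  # 305
            if rec is None:
                return self._probe(req.vlan, req.sender_ip)
            ans_ip = rec[2]
            ans_mac = self.arp_cache.get((req.vlan, ans_ip))     # 306
            if ans_mac is None:
                return ("none", None)
        else:                                                    # 602
            if req.sender_ip != gw_ip or req.target_ip == gw_ip:
                return ("drop", None)                            # 603-606
            rec = self.users.get(req.target_ip)                  # 607
            if rec is None:
                return self._probe(req.vlan, req.target_ip)
            ans_ip, ans_mac = req.target_ip, rec[0]
        # 307 / 608: sender fields from the library, destination fields from the request
        return ("reply", Arp("reply", req.vlan, ans_ip, ans_mac,
                             req.sender_ip, req.sender_mac))

    def receive(self, port, pkt):
        self.learn(pkt)
        return self.proxy(port, pkt)


def demo():
    """Constructed addresses: one VLAN, one gateway, two users."""
    gw = ("10.0.0.1", "02:00:00:00:00:01")
    a = ("10.0.0.5", "02:00:00:00:00:05")
    b = ("10.0.0.6", "02:00:00:00:00:06")
    node = AccessNode({"p1": USER, "p2": USER, "up": GATEWAY}, {10: gw[0]})
    out = []
    out.append(node.receive("up", Arp("request", 10, *gw, a[0])))   # A not learned yet
    out.append(node.receive("p1", Arp("request", 10, *a, gw[0])))   # A asks for gateway
    out.append(node.receive("p1", Arp("request", 10, *a, b[0])))    # B has no record
    node.receive("p2", Arp("reply", 10, *b, gw[0], gw[1]))          # B is learned
    out.append(node.receive("p1", Arp("request", 10, *a, b[0])))    # A asks for B
    out.append(node.receive("up", Arp("request", 10, *gw, a[0])))   # gateway asks for A
    return out


if __name__ == "__main__":
    for action, pkt in demo():
        print(action, pkt)
```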

Abstract

A method for implementing MAC-forced forwarding is disclosed by the present invention. The method includes: the received message is determined to be an address resolution protocol (ARP) request message; after the physical interface connection is determined to be a user connection, a library of correspondences between users and gateways is queried on the basis of the IP address of the sender to obtain the IP address and MAC address of the gateway, and then an ARP response message is constructed and sent; or, after the physical interface connection is determined to be a gateway connection, the library of correspondences between users and gateways is queried on the basis of the destination IP address to obtain the IP address and MAC address of the user, and then the ARP response message is constructed and sent. A device for implementing MAC-forced forwarding is also disclosed by the present invention. The device includes a message processing module and an ARP proxy responding module. The device, on behalf of the gateway, directly replies with the ARP response message, reducing the number of ARP broadcast messages in the network.

Description

Method and device for implementing the MAC-forced forwarding function
Technical Field
The present invention relates to the field of Ethernet data communications, and in particular to a method and device for implementing the MAC-Forced Forwarding (MFF) function.
Background
As is well known, hosts in the same broadcast domain communicate without passing through a gateway; the communication is carried directly by the Layer 2 forwarding function of the access device. This makes communication within the broadcast domain more open and efficient and reduces the load on the gateway. However, if user access needs to be controlled, this approach cannot meet the requirement. Moreover, in this mode the gateway cannot observe the traffic between hosts in the broadcast domain, so the security of the network cannot be well guaranteed.
To meet the need to control user access, hosts in the same broadcast domain can be isolated at Layer 2. A common user isolation method is to divide virtual local area networks (VLANs) on the access device. However, when many users need Layer 2 isolation, this consumes a large number of VLAN resources; in addition, to achieve Layer 3 interworking between clients, a different Internet Protocol (IP) network segment must be planned for each VLAN and an IP address configured for each VLAN interface, so dividing too many VLANs reduces the efficiency of IP address allocation.
RFC4562 "MAC-Forced Forwarding: A Method for Subscriber Separation on an Ethernet Access Network"提出了一种解决方案。 该方案下接入设备截 获用户的地址解析协议( Address Resolution Protocol, ARP )请求 4艮文, 通 过 ARP代答机制, 回复网关介质访问控制 ( Media Access Control, MAC ) 地址的 ARP应答 文。 通过这种方式, 可以强制用户将所有流量(包括同 一子网内的流量)发送到网关。  RFC4562 "MAC-Forced Forwarding: A Method for Subscriber Separation on an Ethernet Access Network" proposes a solution. In this solution, the access device intercepts the address resolution protocol (ARP) request of the user, and responds to the ARP reply message of the Media Access Control (MAC) address of the gateway through the ARP pickup mechanism. In this way, the user can be forced to send all traffic (including traffic within the same subnet) to the gateway.
However, RFC4562 has the following shortcomings: (1) it does not describe how, in an environment with statically configured IP addresses, the Ethernet Access Node (EAN) automatically obtains a user's IP address, MAC address, Virtual Local Area Network (VLAN) and corresponding Access Router (AR); (2) the EAN directly forwards the ARP request messages sent by the AR.

Summary of the invention
The object of the present invention is to provide a method and an apparatus for implementing the MAC-forced forwarding function, to solve two problems in the prior art: with statically configured IP addresses the correspondence between users and gateways cannot be obtained automatically, and ARP broadcast messages on the network cannot be reduced to the greatest extent.
To achieve the above object, the method for implementing the MAC-forced forwarding function provided by the present invention includes the following steps:
determining that the received message is an address resolution protocol request message;
after determining that the connection attribute of the physical interface that received the address resolution protocol request message is a user connection, querying the user and gateway correspondence library according to the sender IP address in the address resolution protocol request message, to obtain the IP address of the gateway corresponding to the sender IP address and the MAC address of the gateway;
constructing and sending an address resolution protocol reply message according to the IP address and MAC address of the gateway and the address resolution protocol request message; or
after determining that the connection attribute of the physical interface that received the address resolution protocol request message is a gateway connection, querying the user and gateway correspondence library according to the destination IP address in the address resolution protocol request message, to obtain the IP address of the user and the MAC address of the user;
constructing and sending an address resolution protocol reply message according to the IP address and MAC address of the user and the address resolution protocol request message.
The user and gateway correspondence library is established in advance through the following process:
after an address resolution protocol request message or reply message is received, obtaining the sender IP address and the sender header in that message and creating an address resolution protocol entry; looking up, according to the VLAN identifier in the request or reply message, the IP address of the gateway configured under that VLAN; determining that the sender IP address differs from the IP address of the gateway; and associating the address resolution protocol entry with the IP address of the gateway, to establish the user and gateway correspondence library.
After determining that the connection attribute of the physical interface that received the address resolution protocol request message is a user connection, and before querying the user and gateway correspondence library according to the sender IP address in the address resolution protocol request message to obtain the IP address of the gateway corresponding to the sender IP address and the MAC address corresponding to the IP address of the gateway, the method further includes:
after judging that the destination IP address in the address resolution protocol request message is a user, querying the user and gateway correspondence library to confirm that the destination user is online; or determining that the destination IP address in the address resolution protocol request message is the gateway configured under the VLAN.
Obtaining the MAC address corresponding to the IP address of the gateway is specifically: querying the address resolution protocol entries according to the IP address of the gateway to obtain the MAC address of the gateway.
Constructing and sending the address resolution protocol reply message according to the IP address and MAC address of the gateway and the address resolution protocol request message includes:
using the IP address and MAC address of the gateway as the sender IP address and sender header, respectively, of the address resolution protocol reply message to be constructed; using the sender IP address and sender header in the address resolution protocol request message as the destination IP address and destination header of the reply message to be constructed; and sending the constructed address resolution protocol reply message.
After determining that the connection attribute of the physical interface that received the address resolution protocol request message is a gateway connection, and before querying the user and gateway correspondence library according to the destination IP address in the address resolution protocol request message to obtain the IP address of the user and the MAC address of the user, the method further includes: determining that the sender address in the address resolution protocol request message is the IP address of the gateway, and that the destination IP address is the user IP address.
Obtaining the IP address of the user and the MAC address of the user is specifically: the destination IP address is the user IP address, and the MAC address of the user is looked up in the user and gateway correspondence library according to the IP address of the user.
Constructing and sending the address resolution protocol reply message according to the IP address and MAC address of the user and the address resolution protocol request message includes: using the IP address and MAC address of the user as the sender IP address and sender header, respectively, of the address resolution protocol reply message to be constructed; using the sender IP address and sender header in the address resolution protocol request message as the destination IP address and destination header of the reply message to be constructed; and sending the constructed address resolution protocol reply message.
When the user and gateway correspondence library has no record of the IP address of the destination user in the address resolution protocol request message: the IP address and MAC address of the gateway are used as the sender IP address and sender header, respectively, of an address resolution protocol request message to be constructed, the destination IP address is used as the destination IP address of the request message to be constructed, and that request message is constructed, to trigger learning of the user and gateway correspondence library.
When the user and gateway correspondence library has no record of the sender IP address in the address resolution protocol request message: the IP address and MAC address of the gateway are used as the sender IP address and sender header, respectively, of an address resolution protocol request message to be constructed, the sender IP address is used as the destination IP address of the request message to be constructed, and that request message is constructed, to trigger learning of the user and gateway correspondence library.
The connection attribute of the physical interface is set through a user interface.
The apparatus for implementing the MAC-forced forwarding function provided by the present invention includes:
a message processing module, configured so that an address resolution protocol request message received by a physical interface of the access node is no longer forwarded;
an address resolution protocol proxy-reply module, connected to the message processing module and configured to: after determining that the connection attribute of the physical interface that received the address resolution protocol request message is a user connection, query the user and gateway correspondence library according to the sender IP address in the address resolution protocol request message, to obtain the IP address of the gateway corresponding to the sender IP address and the MAC address corresponding to the IP address of the gateway, and construct and send an address resolution protocol reply message according to the IP address and MAC address of the gateway and the address resolution protocol request message; or, after determining that the connection attribute of the physical interface that received the address resolution protocol request message is a gateway connection, query the user and gateway correspondence library according to the destination IP address in the address resolution protocol request message, to obtain the IP address of the user and the MAC address corresponding to the IP address of the user, and construct and send an address resolution protocol reply message according to the IP address and MAC address of the user and the address resolution protocol request message.
The apparatus for implementing the MAC-forced forwarding function further includes: a MAC-forced forwarding learning module, configured to, after an address resolution protocol request message or reply message is received, obtain the sender IP address and the sender header in that message and create an address resolution protocol entry; look up, according to the VLAN identifier in the request or reply message, the IP address of the gateway configured under that VLAN; determine that the sender IP address differs from the IP address of the gateway; and associate the address resolution protocol entry with the IP address of the gateway, to establish the user and gateway correspondence library.
Therefore, with the method and apparatus of the present invention for implementing the MAC-forced forwarding function, the user and gateway correspondence needed to implement the MFF function is obtained automatically by intercepting and analyzing ARP messages. In addition, the EAN no longer forwards the ARP request messages sent by the gateway; instead, the access device replies directly on the user's behalf with an ARP reply message carrying the user's MAC address, which reduces the number of ARP broadcast messages in the network.

Description of the drawings
FIG. 1 is a block diagram of the apparatus for implementing the MAC-forced forwarding function according to the present invention;
FIG. 2 shows the learning process for the user and gateway correspondence according to the present invention;
FIG. 3 is a flowchart of Embodiment 1 of the method for implementing the MAC-forced forwarding function according to the present invention;
FIG. 4 shows the content recorded in an ARP entry according to the present invention;
FIG. 5 is a schematic diagram of the user and gateway correspondence library according to the present invention;
FIG. 6 is a flowchart of Embodiment 2 of the method for implementing the MAC-forced forwarding function according to the present invention.

Detailed description
The technical solutions of the embodiments of the present invention are described in further detail below with reference to the drawings and embodiments.
FIG. 1 is a block diagram of an apparatus for implementing the MAC-forced forwarding function according to the present invention. The apparatus no longer forwards ARP request messages but answers them on the target's behalf, thereby reducing ARP broadcast messages in the network. The apparatus includes:
a message processing module 10, configured to determine that an address resolution protocol request message received on a physical interface of the access node is no longer forwarded, but is forwarded on its behalf;
an address resolution protocol (ARP) proxy-reply module 20, connected to the message processing module 10 and configured to: after determining that the connection attribute of the physical interface that received the ARP request message is a user connection, query the user and gateway correspondence library 50 according to the sender IP address in the ARP request message, to obtain the IP address of the gateway corresponding to the sender IP address and the MAC address corresponding to the IP address of the gateway, and construct and send an ARP reply message according to the IP address and MAC address of the gateway and the ARP request message; or, after determining that the connection attribute of the physical interface that received the ARP request message is a gateway connection, query the user and gateway correspondence library according to the destination IP address in the ARP request message, to obtain the IP address of the user and the MAC address corresponding to the IP address of the user, and construct and send an address resolution protocol reply message according to the IP address and MAC address of the user and the ARP request message.
For the specific proxy-reply process of module 20, see the detailed descriptions of FIG. 3 and FIG. 6.
As shown in FIG. 1, the apparatus for implementing the MAC-forced forwarding function further includes:
a MAC-forced forwarding learning module 30, configured to, after an ARP request message or reply message is received, obtain the sender IP address and sender header of that message and create an address resolution protocol entry (the entry includes the user IP address, the user MAC address and the VLAN identifier); look up, according to the VLAN identifier in the ARP request or reply message, the IP address of the gateway configured under that VLAN; determine that the sender IP address differs from the IP address of the gateway; and associate the address resolution protocol entry with the IP address of the gateway, to establish the user and gateway correspondence library 50.
The MAC-forced forwarding learning module 30 performs a learning process on all ARP request messages at any time, thereby establishing a user and gateway correspondence library.
The address resolution protocol proxy-reply module also has the following functions for triggering learning of the user and gateway correspondence library. When the sender IP address of an ARP request message is not found in the user and gateway correspondence library (that is, the library holds no record whose user IP address index equals that sender IP address), the proxy-reply module constructs a new ARP request message to trigger learning of the library. The IP address and MAC address of the gateway are used as the sender IP address and sender header, respectively, of the ARP request message to be constructed, and the sender IP address of the original ARP request message is used as its destination IP address; this yields the ARP request message to be constructed.
When the IP address of the destination user is not found in the user IP address index of the user and gateway correspondence library, the proxy-reply module likewise constructs a new ARP request message to trigger learning of the library. The IP address and MAC address of the gateway are used as the sender IP address and sender header, respectively, of the ARP request message to be constructed, and the destination IP address of the original ARP message is used as its destination IP address; the new ARP request message is constructed to trigger learning of the user and gateway correspondence library. The constructed request message is broadcast within the VLAN and is not itself used for learning. Subsequent learning is based on the ARP reply message received from the user in response.
The address resolution protocol proxy-reply module 20 and the MAC-forced forwarding learning module 30 may be included in a single module, namely the address resolution protocol module 60.
The apparatus for implementing the MAC-forced forwarding function may further include a user interface 70, through which the network administrator can set whether the connection attribute of a physical interface is a user connection or a gateway connection, configure the IP address of the gateway under a VLAN, and view the user and gateway correspondence library 50.
To maintain the user and gateway correspondence library, the apparatus further includes a user and gateway correspondence library organization and maintenance module 40, connected to the MAC-forced forwarding learning module 30 and the ARP proxy-reply module 20. It organizes the user information (IP address, MAC address, VLAN identifier) and the IP address of the corresponding gateway into a table and provides interfaces for adding, deleting, updating and querying entries.
Embodiments of the method for implementing the MAC-forced forwarding function, based on the apparatus above, are described below to give a better understanding of the apparatus's functions. The apparatus is deployed on an access node (AN) between the customer premises network and the aggregation network.
In the present invention, the network administrator first statically specifies, through the user interface, whether the connection attribute of each physical interface is a gateway connection or a user connection. Thus, when the AN receives an ARP request message, it can query the attribute of the physical interface to determine whether the interface that received the request is connected to a user or to a gateway, and so know whether the ARP request message came from a user or from a gateway.
The user and gateway correspondence library is obtained through a learning mechanism, which solves the prior-art problem that the correspondence between users and gateways cannot be obtained automatically. The MAC-forced forwarding learning module 30 in the apparatus looks up the IP address of the corresponding gateway according to the VLAN identifier of an ARP message (for example an ARP request message or an ARP reply message); each VLAN has only one gateway, configured by the network administrator. It then associates the user information recorded in the ARP entry (user IP address, MAC address and VLAN identifier) with the gateway and adds it to the user and gateway correspondence library. An ARP entry is created as follows: the MAC-forced forwarding learning module parses the sender IP address and sender header (the sender MAC address) out of an ARP request or reply message, creates an ARP entry and adds it to the ARP cache; the created entry includes the sender IP address, the sender MAC address and the VLAN identifier. In this way the MAC-forced forwarding learning module learns and creates the user and gateway correspondence automatically.
ARP entries are added to the cache. An ARP entry includes the MAC address of the sender (user or gateway), the IP address of the sender (user or gateway) and the VLAN identifier. The content recorded in an ARP entry is shown in FIG. 4.
In the user and gateway correspondence library, the user and gateway correspondence is a data table indexed by user IP address. The table contains the user IP address, the user MAC address, the VLAN identifier and the IP address of the gateway associated with the VLAN. The user IP address can therefore be used as an index to find the IP address of the gateway configured under the user's VLAN; the ARP entry for that gateway is then fetched from the cache according to the gateway's IP address, which gives the gateway's MAC address. A schematic diagram of the user and gateway correspondence library is shown in FIG. 5.
This is the learning process for the user and gateway correspondence in the present invention. As shown in FIG. 2, and with reference to the schematic diagram of the user and gateway correspondence library in FIG. 5, the process includes the following steps. During learning, the interfaces connected to users and the interfaces connected to gateways pass all received ARP messages (both requests and replies) up to the address resolution proxy-reply module for processing.
Step 201: after an address resolution protocol request message or reply message is received, obtain the sender IP address and the sender header (that is, the sender MAC address) in that message, create an ARP entry and add it to the ARP cache. The user information recorded in the ARP entry consists of the sender IP address, MAC address and VLAN identifier (the ARP entry may belong to a gateway or to a user).
Step 202: look up, according to the VLAN identifier in the address resolution protocol request or reply message, the IP address of the gateway configured under that VLAN;
Step 203: determine that the sender IP address differs from the IP address of the gateway, to rule out the case where the sender is itself the gateway configured under the VLAN;
Step 204: associate the address resolution protocol entry with the IP address of the gateway, to establish the user and gateway correspondence library.
The user and gateway correspondence library organization and maintenance module organizes the user information (IP address, MAC address, VLAN identifier) and the IP address of the corresponding gateway into a table and provides interfaces for adding, deleting, updating and querying entries, through which the record is added to the user and gateway correspondence library.
FIG. 3 is a flowchart of Embodiment 1 of the method for implementing the MAC-forced forwarding function according to the present invention. First the network administrator statically specifies, through the user interface, whether the physical receiving interface is connected to a gateway or to a user; for example, the receiving interface is specified as connected to a user. Embodiment 1 therefore assumes that the message received on the physical interface of the AN is an Address Resolution Protocol (ARP) request message and that the attribute of the physical interface is "connected to a user". That is, the apparatus first examines the received message; an ARP request message is no longer forwarded, and the MAC-forced forwarding process of the present invention is performed instead.
As shown in FIG. 3, with the physical receiving interface connected to a user, the flow includes the following steps:
Step 301: determine that the currently received message is an ARP request message;
Step 302: determine that the attribute of the physical interface that received the ARP request message is set to "connected to a user" (that is, a user host);
Step 303: determine whether the destination IP address in the ARP request message is the gateway (the gateway here means the VLAN gateway: look up the IP address of the gateway configured under the VLAN according to the VLAN identifier, then check whether the destination IP address is the IP address of that VLAN's gateway; if so, the destination is judged to be the gateway, otherwise a user);
Step 304: if the destination IP address is not the gateway address but a user IP address, query the user and gateway correspondence library to confirm that the destination user is online (whether a record exists); if the destination user is not online, no proxy reply is made, so as to block the traffic and protect the gateway from attack;
Step 305: query the user and gateway correspondence library according to the sender IP address in the ARP request message, to obtain the IP address of the VLAN gateway corresponding to the sender IP address (that is, the IP address of the user connected to the physical interface); in other words, in the user and gateway correspondence table, search the column indexed by user IP address for the record with the same IP as the sender IP address, and read the gateway's IP address from it;
Step 306: query the ARP cache according to the gateway's IP address and obtain the MAC address corresponding to that IP address from the ARP entry;
Step 307: construct and send an ARP reply message according to the gateway's IP address and MAC address and the ARP request message. This step specifically includes:
Step 3071: use the gateway's IP address and MAC address as the sender IP address and sender header, respectively, of the ARP reply message to be constructed;
Step 3072: use the sender IP address and sender header in the ARP request message as the destination IP address and destination header of the ARP reply message to be constructed; and
Step 3073: send the constructed ARP reply message to the user.
The process above describes the case in which the destination IP address in the ARP request message is a user. When step 303 determines that the destination IP address of the ARP request message is the IP address of the gateway associated with the VLAN, then, as shown in FIG. 3, steps 305 to 307 are performed directly after step 303.
If, when the user-gateway correspondence database is queried in step 305, the sender IP address in the ARP request message is not found (that is, the database holds no user IP address record indexed by that sender IP address), the ARP proxy-reply module constructs a new ARP request message to trigger learning of the user-gateway correspondence database. The gateway's IP address and MAC address are used as the sender IP address and sender header, respectively, of the ARP request message to be constructed, and the sender IP address of the original ARP request message is used as its destination IP address.
Besides the case above, a new ARP request message is also constructed when, in step 304, the destination user's IP address is not found in the user IP address index of the user-gateway correspondence database. The ARP proxy-reply module again uses the gateway's IP address and MAC address as the sender IP address and sender header, respectively, of the ARP request message to be constructed, and uses the destination IP address of the original ARP message as its destination IP address, so as to trigger learning of the user-gateway correspondence database. The constructed request message is broadcast within the VLAN, and no learning is performed on it. Subsequent learning is based on the ARP reply message received from the user.
FIG. 6 is a flowchart of Embodiment 2 of the method for implementing the MAC-forced forwarding function according to the present invention. First, the network administrator statically specifies, through the user interface, whether the physical receiving interface is connected to a gateway or to a user; for example, the receiving interface is specified as connected to a gateway. It is therefore assumed in this Embodiment 1 that the message received on the physical interface of the AN is an Address Resolution Protocol (ARP) request message, and that the attribute of the physical interface is gateway-connected. That is, the device first examines the received message; an ARP request message from the gateway is no longer forwarded, and the MAC-forced forwarding process of the present invention is performed instead.
As shown in FIG. 6, when the physical receiving interface is connected to a gateway, the flow of the method for implementing the MAC forwarding function includes the following steps:
Step 601: Determine that the currently received message is an ARP request message;
Step 602: Determine that the attribute of the physical interface that received the ARP request message is set to gateway-connected;
Step 603: Determine whether the sender IP address in the ARP request message is the IP address of the gateway configured for the VLAN; the gateway's IP address is found by using the VLAN identifier to look up the IP address of the gateway configured under that VLAN;
Step 604: If not, discard the ARP request message;
Step 605: If so, then determine whether the destination address of the ARP request message is the IP address of the gateway configured for the VLAN;
Step 606: If so, discard the ARP request message;
Step 607: If not, query the user-gateway correspondence database according to the destination IP address in the ARP request message (at this point the destination IP address is the user IP address), and obtain the user's IP address and the user's MAC address; that is, query the user-gateway correspondence database by the user's IP address to obtain the user's MAC address;
Step 608: Construct and send an ARP reply message according to the user's IP address and MAC address and the ARP request message. This step specifically includes:
Step 6081: Use the user's IP address and MAC address as the sender IP address and sender header, respectively, of the ARP reply message to be constructed;
Step 6082: Use the sender IP address and sender header in the ARP request message as the destination IP address and destination header of the ARP reply message to be constructed; and
Step 6083: Send the constructed ARP reply message to the gateway, that is, the gateway configured under the VLAN.
Through the processes described in Embodiment 1 and Embodiment 1 above, the method of the present invention for implementing the MAC-forced forwarding function has the AN, after receiving an ARP request message, no longer forward it but reply to it directly on the target's behalf. By establishing an automatic learning mechanism for the user-gateway correspondence, the correspondence between users and gateways is obtained automatically, which reduces the number of ARP broadcast messages in the network.
In the automatic learning of the user-gateway correspondence, the learning mechanism can be triggered by constructing a new ARP request message. The trigger can occur at any point in the proxy-reply process at which the user-gateway correspondence database is queried: when a user IP address with no record in the database is encountered, a new ARP request is constructed to trigger the learning mechanism. The present invention implements ARP proxy reply: on receiving a user's ARP request message it replies with the gateway's MAC address, and on receiving the gateway's ARP request message it replies with the user's MAC address.
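The decision logic of both embodiments (steps 303 to 307 for a user-facing port, steps 603 to 608 for a gateway-facing port) together with the learning trigger, as an added example that is not part of the patent text. The class and function names, the `(action, packet)` return convention, reading "sender header" as the ARP sender hardware address, and dropping when the gateway's MAC is not yet cached are assumptions of this sketch; the addresses are constructed sample values.

```python
from dataclasses import dataclass, field

USER, GATEWAY = "user", "gateway"   # connection attribute the operator sets per port
REQUEST, REPLY = 1, 2               # ARP opcodes
DROP = ("drop", None)


@dataclass(frozen=True)
class Arp:
    op: int
    vlan: int
    sender_ip: str
    sender_mac: str                 # the text's "sender header" (assumed: hardware address)
    target_ip: str                  # the text's "destination IP address"
    target_mac: str = "00:00:00:00:00:00"


@dataclass
class MffProxy:
    vlan_gateway: dict                              # VLAN id -> configured gateway IP
    arp_cache: dict = field(default_factory=dict)   # IP -> MAC (ARP entries)
    users: dict = field(default_factory=dict)       # user IP -> (user MAC, gateway IP)

    def learn(self, pkt):
        """Build the user-gateway correspondence from the sender fields."""
        self.arp_cache[pkt.sender_ip] = pkt.sender_mac
        gw_ip = self.vlan_gateway.get(pkt.vlan)
        if gw_ip is not None and pkt.sender_ip != gw_ip:
            self.users[pkt.sender_ip] = (pkt.sender_mac, gw_ip)

    def _probe(self, vlan, gw_ip, unknown_ip):
        """Learning trigger: a request sent as the gateway, broadcast in the VLAN."""
        gw_mac = self.arp_cache.get(gw_ip)
        if gw_mac is None:          # assumption: gateway MAC not cached yet -> drop
            return DROP
        return ("probe", Arp(REQUEST, vlan, gw_ip, gw_mac, unknown_ip))

    def handle_request(self, pkt, port):
        """Return (action, packet); the received request is never forwarded."""
        gw_ip = self.vlan_gateway.get(pkt.vlan)
        if pkt.op != REQUEST or gw_ip is None:
            return DROP
        if port == USER:
            return self._from_user(pkt, gw_ip)
        return self._from_gateway(pkt, gw_ip)

    def _from_user(self, pkt, gw_ip):
        # Step 304: a user target must have a record (be online), else no reply.
        if pkt.target_ip != gw_ip and pkt.target_ip not in self.users:
            return self._probe(pkt.vlan, gw_ip, pkt.target_ip)
        # Step 305: find the gateway recorded for the requesting user.
        record = self.users.get(pkt.sender_ip)
        if record is None:
            return self._probe(pkt.vlan, gw_ip, pkt.sender_ip)
        user_gw_ip = record[1]
        # Step 306: gateway MAC from the ARP cache.
        gw_mac = self.arp_cache.get(user_gw_ip)
        if gw_mac is None:
            return DROP
        # Step 307: reply as the gateway, addressed to the requester.
        return ("reply", Arp(REPLY, pkt.vlan, user_gw_ip, gw_mac,
                             pkt.sender_ip, pkt.sender_mac))

    def _from_gateway(self, pkt, gw_ip):
        if pkt.sender_ip != gw_ip:      # steps 603-604: sender must be the gateway
            return DROP
        if pkt.target_ip == gw_ip:      # steps 605-606: gateway asking for itself
            return DROP
        record = self.users.get(pkt.target_ip)          # step 607
        if record is None:
            return self._probe(pkt.vlan, gw_ip, pkt.target_ip)
        # Step 608: reply as the user, addressed to the gateway.
        return ("reply", Arp(REPLY, pkt.vlan, pkt.target_ip, record[0],
                             pkt.sender_ip, pkt.sender_mac))


def demo():
    """Constructed traffic: documentation-range IPs and made-up MAC addresses."""
    gw, a, b = "192.0.2.1", "192.0.2.10", "192.0.2.11"
    gw_mac, a_mac, b_mac = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    p = MffProxy({10: gw})
    p.learn(Arp(REPLY, 10, gw, gw_mac, a, a_mac))     # gateway seen: ARP entry only
    p.learn(Arp(REPLY, 10, a, a_mac, gw, gw_mac))     # user A seen: user record
    out = {}
    out["a_asks_gw"] = p.handle_request(Arp(REQUEST, 10, a, a_mac, gw), USER)
    out["a_asks_b_offline"] = p.handle_request(Arp(REQUEST, 10, a, a_mac, b), USER)
    p.learn(Arp(REPLY, 10, b, b_mac, gw, gw_mac))     # B answers the probe
    out["a_asks_b_online"] = p.handle_request(Arp(REQUEST, 10, a, a_mac, b), USER)
    out["gw_asks_a"] = p.handle_request(Arp(REQUEST, 10, gw, gw_mac, a), GATEWAY)
    out["gw_asks_unknown"] = p.handle_request(
        Arp(REQUEST, 10, gw, gw_mac, "192.0.2.99"), GATEWAY)
    out["non_gw_sender_on_gw_port"] = p.handle_request(
        Arp(REQUEST, 10, b, b_mac, a), GATEWAY)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Whether `learn` runs before or after the proxy lookup for a received request is left to the caller here, because the steps above state only that the self-generated probe is not learned from and that later learning uses the user's reply.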
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the present invention may be modified, changed or equivalently substituted without departing from the spirit and scope of the present invention and the claims.

Claims

1. A method for implementing a MAC-forced forwarding function, characterized in that the method comprises:
determining that a received message is an Address Resolution Protocol request message;
after determining that the connection attribute of the physical interface that received the Address Resolution Protocol request message is user-connected, querying a user-gateway correspondence database according to the sender Internet Protocol (IP) address in the Address Resolution Protocol request message, and obtaining the IP address of the gateway corresponding to the sender IP address and the Media Access Control (MAC) address of the gateway;
constructing and sending an Address Resolution Protocol reply message according to the IP address and MAC address of the gateway and the Address Resolution Protocol request message; or
after determining that the connection attribute of the physical interface that received the Address Resolution Protocol request message is gateway-connected, querying the user-gateway correspondence database according to the destination IP address in the Address Resolution Protocol request message, and obtaining the IP address of the user and the MAC address of the user;
constructing and sending an Address Resolution Protocol reply message according to the IP address and MAC address of the user and the Address Resolution Protocol request message.
2. The method for implementing a MAC-forced forwarding function according to claim 1, characterized in that the user-gateway correspondence database is established in advance by the following process:
after receiving an Address Resolution Protocol request message or reply message, obtaining the sender IP address and sender header in the Address Resolution Protocol request message or reply message and creating an Address Resolution Protocol entry;
looking up the IP address of the gateway configured under the VLAN according to the virtual local area network (VLAN) identifier in the Address Resolution Protocol request message or reply message;
determining that the sender IP address differs from the IP address of the gateway; and
associating the Address Resolution Protocol entry with the IP address of the gateway to establish the user-gateway correspondence database.
3. The method for implementing a MAC-forced forwarding function according to claim 2, characterized in that, after determining that the connection attribute of the physical interface that received the Address Resolution Protocol request message is user-connected, and before querying the user-gateway correspondence database according to the sender IP address in the Address Resolution Protocol request message and obtaining the IP address of the gateway corresponding to the sender IP address and the MAC address corresponding to the IP address of the gateway, the method further comprises:
after determining that the destination IP address in the Address Resolution Protocol request message is a user, querying the user-gateway correspondence database to confirm that the destination user is online; or … gateway.
4. The method for implementing a MAC-forced forwarding function according to claim 3, characterized in that obtaining the MAC address corresponding to the IP address of the gateway is specifically:
querying the Address Resolution Protocol entry according to the IP address of the gateway to obtain the MAC address of the gateway.
5. The method for implementing a MAC-forced forwarding function according to claim 4, characterized in that constructing and sending an Address Resolution Protocol reply message according to the IP address and MAC address of the gateway and the Address Resolution Protocol request message comprises:
using the IP address and MAC address of the gateway as the sender IP address and sender header, respectively, of the Address Resolution Protocol reply message to be constructed;
using the sender IP address and sender header in the Address Resolution Protocol request message as the destination IP address and destination header of the Address Resolution Protocol reply message to be constructed; and
sending the constructed Address Resolution Protocol reply message.
6. The method for implementing a MAC-forced forwarding function according to claim 2, characterized in that, after determining that the connection attribute of the physical interface that received the Address Resolution Protocol request message is gateway-connected, and before querying the user-gateway correspondence database according to the destination IP address in the Address Resolution Protocol request message and obtaining the IP address of the user and the MAC address of the user, the method further comprises: determining that the sender address in the Address Resolution Protocol request message is the IP address of the gateway, and that the destination IP address is the user IP address.
7. The method for implementing a MAC-forced forwarding function according to claim 6, characterized in that obtaining the IP address of the user and the MAC address of the user is specifically:
the destination IP address is the user IP address, and the MAC address of the user is looked up in the user-gateway correspondence database according to the IP address of the user.
8. The method for implementing a MAC-forced forwarding function according to claim 7, characterized in that constructing and sending an Address Resolution Protocol reply message according to the IP address and MAC address of the user and the Address Resolution Protocol request message comprises:
using the IP address and MAC address of the user as the sender IP address and sender header, respectively, of the Address Resolution Protocol reply message to be constructed;
using the sender IP address and sender header in the Address Resolution Protocol request message as the destination IP address and destination header of the Address Resolution Protocol reply message to be constructed; and
sending the constructed Address Resolution Protocol reply message.
9. The method for implementing a MAC-forced forwarding function according to claim 3, characterized in that, when the user-gateway correspondence database has no record of the IP address of the destination user in the Address Resolution Protocol request message, the IP address and MAC address of the gateway are used as the sender IP address and sender header, respectively, of an Address Resolution Protocol request message to be constructed, and the destination IP address is used as the destination IP address of the Address Resolution Protocol request message to be constructed, so that the Address Resolution Protocol request message is constructed to trigger learning of the user-gateway correspondence database.
10. The method for implementing a MAC-forced forwarding function according to claim 3, characterized in that, when the user-gateway correspondence database has no record of the sender IP address in the Address Resolution Protocol request message, the IP address and MAC address of the gateway are used as the sender IP address and sender header, respectively, of an Address Resolution Protocol request message to be constructed, and the sender IP address is used as the destination IP address of the Address Resolution Protocol request message to be constructed, so that the Address Resolution Protocol request message is constructed to trigger learning of the user-gateway correspondence database.
11. The method for implementing a MAC-forced forwarding function according to claim 1, characterized in that the connection attribute of the physical interface is set through a user interface.
12. An apparatus for implementing a MAC-forced forwarding function, characterized by comprising:
a message processing module, configured so that Address Resolution Protocol request messages received on a physical interface of an access node are no longer forwarded;
an Address Resolution Protocol proxy-reply module, connected to the message processing module and configured to: after determining that the connection attribute of the physical interface that received the Address Resolution Protocol request message is user-connected, query a user-gateway correspondence database according to the sender IP address in the Address Resolution Protocol request message, obtain the IP address of the gateway corresponding to the sender IP address and the MAC address corresponding to the IP address of the gateway, and construct and send an Address Resolution Protocol reply message according to the IP address and MAC address of the gateway and the Address Resolution Protocol request message; or, after determining that the connection attribute of the physical interface that received the Address Resolution Protocol request message is gateway-connected, query the user-gateway correspondence database according to the destination IP address in the Address Resolution Protocol request message, obtain the IP address of the user and the MAC address corresponding to the IP address of the user, and construct and send an Address Resolution Protocol reply message according to the IP address and MAC address of the user and the Address Resolution Protocol request message.
13. The apparatus for implementing a MAC-forced forwarding function according to claim 12, characterized by further comprising:
a MAC-forced forwarding learning module, configured to: after receiving an Address Resolution Protocol request message or reply message, obtain the sender IP address and sender header in the Address Resolution Protocol request message or reply message and create an Address Resolution Protocol entry; look up the IP address of the gateway configured under the VLAN according to the VLAN identifier in the Address Resolution Protocol request message or reply message; determine that the sender IP address differs from the IP address of the gateway; and associate the Address Resolution Protocol entry with the IP address of the gateway to establish the user-gateway correspondence database.
PCT/CN2010/072924 2009-06-03 2010-05-19 Method and device for implementing mac-forced forwarding WO2010139238A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910143552.7 2009-06-03
CN200910143552A CN101577722B (en) 2009-06-03 2009-06-03 Method for realizing MAC forced forwarding function and device

Publications (1)

Publication Number Publication Date
WO2010139238A1 true WO2010139238A1 (en) 2010-12-09

Family

ID=41272509

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/072924 WO2010139238A1 (en) 2009-06-03 2010-05-19 Method and device for implementing mac-forced forwarding

Country Status (2)

Country Link
CN (1) CN101577722B (en)
WO (1) WO2010139238A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112866113A (en) * 2020-12-29 2021-05-28 京信网络系统股份有限公司 Method, system, computer device and storage medium for ARP proxy in routing packet forwarding
CN113132218A (en) * 2019-12-31 2021-07-16 中兴通讯股份有限公司 Home gateway access method, device, system processor and storage medium
CN113438335A (en) * 2021-06-10 2021-09-24 深圳市广和通无线股份有限公司 Routing method, device, equipment and storage medium
CN113726632A (en) * 2021-07-31 2021-11-30 新华三信息安全技术有限公司 Message forwarding method and device

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101577722B (en) * 2009-06-03 2012-09-05 中兴通讯股份有限公司 Method for realizing MAC forced forwarding function and device
CN102075591A (en) * 2010-12-21 2011-05-25 华为技术有限公司 Method, device and system for acquiring media access control address
CN102075426A (en) * 2011-01-14 2011-05-25 中兴通讯股份有限公司 Message transmission method under MFF manual mode and device
CN102355417A (en) * 2011-10-08 2012-02-15 杭州华三通信技术有限公司 Data center two-layer interconnection method and device
CN102647360B (en) * 2012-04-26 2015-02-18 杭州华三通信技术有限公司 Method and equipment for transmitting messages in VRRPE (virtual router redundancy protocol equilibrium)
CN102938794B (en) * 2012-11-14 2016-01-13 华为技术有限公司 ARP message forwarding method, switch and controller
CN103841029B (en) * 2012-11-21 2018-02-23 华为技术有限公司 Data transmission method, device and system
WO2014079005A1 (en) * 2012-11-21 2014-05-30 华为技术有限公司 Mac address mandatory forwarding device and method
CN104468855B (en) * 2013-09-25 2018-04-03 阿里巴巴集团控股有限公司 The treating method and apparatus of ARP message
CN104283982B (en) * 2014-10-21 2019-04-02 中国联合网络通信集团有限公司 A kind of method that DMZ host automatically points to, system and gateway
CN105743761A (en) * 2014-12-12 2016-07-06 中兴通讯股份有限公司 Method and network equipment for realizing two-layer isolation and three-layer intercommunication of routing interface
CN105553852A (en) * 2015-12-31 2016-05-04 联想(北京)有限公司 Information processing method and apparatus, electronic device and management platform
CN107181681B (en) * 2016-03-10 2022-02-25 中兴通讯股份有限公司 SDN two-layer forwarding method and system
CN108183978B (en) * 2018-03-29 2021-01-22 北京环境特性研究所 Communication equipment IP address configuration method and communication equipment
CN110912760B (en) * 2019-12-30 2022-11-01 杭州迪普科技股份有限公司 Link state detection method and device
CN112235175B (en) * 2020-09-01 2022-03-18 深圳市共进电子股份有限公司 Access method and access device of network bridge equipment and network bridge equipment
CN114900560A (en) * 2022-04-01 2022-08-12 阿里云计算有限公司 Control method, system, device and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101094178A (en) * 2007-07-16 2007-12-26 杭州华三通信技术有限公司 Method and device for sending out ARP request under condition without VLAN virtual interface
CN101098292A (en) * 2006-06-29 2008-01-02 中兴通讯股份有限公司 Method for reducing user address analysis protocol broadcast on access equipment
CN101577722A (en) * 2009-06-03 2009-11-11 中兴通讯股份有限公司 Method for realizing MAC forced forwarding function and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8856372B2 (en) * 2005-05-23 2014-10-07 Telefonaktiebolaget L M Ericsson (Publ) Method and system for local Peer-to-Peer traffic

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101098292A (en) * 2006-06-29 2008-01-02 中兴通讯股份有限公司 Method for reducing user address analysis protocol broadcast on access equipment
CN101094178A (en) * 2007-07-16 2007-12-26 杭州华三通信技术有限公司 Method and device for sending out ARP request under condition without VLAN virtual interface
CN101577722A (en) * 2009-06-03 2009-11-11 中兴通讯股份有限公司 Method for realizing MAC forced forwarding function and device

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113132218A (en) * 2019-12-31 2021-07-16 中兴通讯股份有限公司 Home gateway access method, device, system processor and storage medium
CN113132218B (en) * 2019-12-31 2023-10-20 中兴通讯股份有限公司 Home gateway access method, device, system processor and storage medium
CN112866113A (en) * 2020-12-29 2021-05-28 京信网络系统股份有限公司 Method, system, computer device and storage medium for ARP proxy in routing packet forwarding
CN112866113B (en) * 2020-12-29 2022-11-01 京信网络系统股份有限公司 Method, system, computer device and storage medium for ARP proxy in routing packet forwarding
CN113438335A (en) * 2021-06-10 2021-09-24 深圳市广和通无线股份有限公司 Routing method, device, equipment and storage medium
CN113726632A (en) * 2021-07-31 2021-11-30 新华三信息安全技术有限公司 Message forwarding method and device
CN113726632B (en) * 2021-07-31 2023-04-18 新华三信息安全技术有限公司 Message forwarding method and device

Also Published As

Publication number Publication date
CN101577722A (en) 2009-11-11
CN101577722B (en) 2012-09-05

Similar Documents

Publication Publication Date Title
WO2010139238A1 (en) Method and device for implementing mac-forced forwarding
US7986649B2 (en) Method, apparatus and system for virtual network configuration and partition handover
US7808994B1 (en) Forwarding traffic to VLAN interfaces built based on subscriber information strings
WO2018028606A1 (en) Forwarding policy configuration
JP5167225B2 (en) Technology that allows multiple virtual filers on one filer to participate in multiple address spaces with overlapping network addresses
US8837483B2 (en) Mapping private and public addresses
WO2015117337A1 (en) Method and apparatus for setting network rule entry
WO2012094898A1 (en) Virtual machine migration method, switch, virtual machine system
WO2006116925A1 (en) A method for distributing the service according to the type of the terminal
WO2009052668A1 (en) A nat-pt device and a load-sharing method for nat-pt device
WO2007140691A1 (en) A method, apparatus, and system implementing the vpn configuration service
WO2011113393A2 (en) Virtual local area network identity transformation method and apparatus
WO2006122502A1 (en) A transmission method for message in layer 2 and an access device
WO2007019785A1 (en) A multicast supported virtual local area network switching system and a method thereof
US20070071012A1 (en) Home network connection management system using UPnP and VLAN multicast
CN106254407B (en) Method and device for sharing home network service
WO2016197787A2 (en) Access control method and apparatus
WO2010060246A1 (en) Method and apparatus for realizing arp request broadcasting limitation
WO2007045157A1 (en) Service provisioning method and system thereof
US9166884B2 (en) Network location service
WO2009003394A1 (en) Method for studying mac address and network element apparatus
WO2008151548A1 (en) A method and apparatus for preventing the counterfeiting of the network-side media access control (mac) address
WO2011107052A2 (en) Method and access node for preventing address conflict
WO2010099680A1 (en) Method and system for enabling private network user to access private network device at the same side
JP3858884B2 (en) Network access gateway, network access gateway control method and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10782942

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10782942

Country of ref document: EP

Kind code of ref document: A1