WO2011131088A1 - Data packet processing method, ingress tunnel router and system - Google Patents

Data packet processing method, ingress tunnel router and system


Publication number
WO2011131088A1
Authority
WO
WIPO (PCT)
Prior art keywords
host
mapping
dns
module
packet
Application number
PCT/CN2011/072490
Other languages
English (en)
Chinese (zh)
Inventor
晏祥彪
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2011131088A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5084 Providing for device mobility

Definitions

  • the present invention relates to the field of communications, and more particularly to a data packet processing method, an ingress tunnel router and a system in a Location Identity Separation Protocol (LISP) network.
  • LISP Location Identity Separation Protocol
  • 3G and 4G are the core of the research on next-generation networks in the field of wireless communication, aiming to improve the quality of wireless mobile communication based on the all-IP packet core network; the next-generation network and the next-generation Internet are research on the convergence toward next-generation networks in the telecommunication network and the Internet, respectively; China's next-generation Internet aims to build a next-generation Internet based on IPv6.
  • although the various studies differ widely, the widely accepted view is that the future network is a unified bearer network based on packets. Therefore, research on the next generation network architecture will use the Internet as the main reference.
  • the Internet has maintained rapid development since its birth. It has become the most successful and most vital communication network.
  • the transmitted address is the received address, and the path is reversible, so the IP address with dual attributes of identity and location can work very well.
  • the IP address also represents the identity and location that exactly met the network needs of the time. From the perspective of the network environment at the time, this design scheme is simple and effective, simplifying the hierarchy of the protocol stack. But there is no doubt that there is an internal contradiction between the identity attribute of the IP address and the location attribute.
  • the identity attribute of an IP address requires that any two IP addresses be equal.
  • IP address location attribute requires IP address
  • the IP addresses in the same subnet should be in a contiguous IP address block, so that the IP address prefixes in the network topology can be aggregated, thus reducing the routing table entries of the router device and guaranteeing the scalability of the routing system.
  • DHCP Dynamic Host Configuration Protocol
  • NAT Network Address Translator
  • the user status of the Internet has changed dramatically.
  • the Internet was basically used by people who are in a common group and trusted by each other.
  • the traditional Internet protocol stack is also designed based on such a set of devices; the current Internet users are mixed, and it is difficult for people to continue to trust each other. In this case, the Internet, which lacks embedded security mechanisms, needs to change.
  • Routing scalability issues: there is a basic assumption about the scalability of the Internet routing system: the address is assigned according to the topology, or the topology is deployed according to the address, and one of the two must be chosen.
  • the identity attribute of an IP address requires that the IP address be assigned based on the organization to which the terminal belongs (rather than the network topology), and this allocation must be stable and cannot be changed frequently; the location attribute of the IP address requires the IP address to be allocated based on the network topology to ensure the scalability of the routing system. In this way, the two attributes of the IP address conflict, which eventually leads to the scalability problem of the Internet routing system.
  • the identity attribute of the IP address requires that the IP address should not change as the location of the terminal changes. This ensures that the communication bound to the identity is not interrupted, and that after the terminal moves, a communication link can still be established using its identity; the location attribute of the IP address requires the IP address to change as the terminal location changes, so that the IP address can be aggregated in the new network topology, otherwise the network must reserve separate routing information for the mobile terminal, which causes a sharp increase in routing table entries.
  • Multihoming issues: multihoming usually refers to terminals or networks that access the Internet through multiple ISP networks. The advantages of multihoming technologies include increasing network reliability, supporting traffic load balancing across multiple ISPs, and increasing overall available bandwidth.
  • IP addresses require that a multihomed terminal always display the same identity to other terminals, regardless of how many ISPs the multihomed terminal accesses the Internet through; and the location attribute of the IP address requires that a multihomed terminal use different IP addresses to communicate in different ISP networks, so that the IP address of the terminal can be aggregated in the topology of the ISP network.
  • IP address contains both the identity information and the location information of the terminal
  • both the communication peer and the malicious eavesdropper can obtain the identity information and topology location information of the terminal according to the IP address of the terminal.
  • the dual attribute problem of the IP address is one of the fundamental reasons hindering the continued development of the Internet. Separating the identity attribute and location attribute of an IP address is a good way to solve the problems faced by the Internet.
  • the new network will be designed based on this idea, and propose a network structure of separate mapping of identity information and location information to solve some serious drawbacks of the existing Internet.
  • the basic idea of all identity and location separation schemes is to separate the identity and location dual attributes originally bound to the IP address.
  • Some of the schemes use the application layer's URL (Uniform Resource Locator, an identification method for completely describing the address of web pages and other resources on the Internet) or FQDN (Fully Qualified Domain Name) as the terminal identity; some schemes introduce a new namespace as an identity, such as HIP (Host Identity Protocol), which adds a host identity above the network layer identified by the IP address; some schemes classify IP addresses, so that part of the IP addresses are used as identity identifiers and part are used as location identifiers.
  • LISP Locator/ID Separation Protocol
  • EID endpoint ID
  • RLOC Routing Locator
  • the most representative one is a network-based solution.
  • the core idea is to divide the network into two parts, one part is the transmission network or the forwarding network, which is located at the center of the whole network; the other part is the edge network or the access network.
  • the access switch router is connected to the forwarding network; the address space and routing information of the access network and the forwarding network are isolated from each other.
  • the LISP scheme divides the IP address into an EID identity and an RLOC route identifier, and the EID is used as the identity of the end host.
  • the RLOC is the route identifier of the ITR/ETR (Ingress Tunnel Router/Egress Tunnel Router).
  • the routing prefix information of the network host, that is, the routing prefix information of the EID, does not spread to the forwarding network; instead, the EID prefix information and the RLOC information are registered by the ITR/ETR on the mapping server.
  • the host 1 sends a packet to the host 2; the source address is EID (a), and the destination address is EID (b).
  • when the ingress tunnel router ITR receives the message, it queries the mapping server to obtain the route identifier RLOC2 of the egress tunnel router ETR to which the end host 2 belongs (the RLOC2 is also called the route identifier of the end host 2), and then the packet is encapsulated with the RLOC1 and the RLOC2 and sent to the ETR through the forwarding network.
  • the ETR receives the packet, decapsulates it and sends it to the host 2.
  • the advantage of the network-based location identity separation scheme is that the terminal does not need to be modified, and the existing terminal is directly used, thereby reducing the impact of the network evolution on the user, and also reducing the cost of the network transformation, but the solution has a problem.
  • when the ITR receives the packet from the host to the host 2, it needs to go to the mapping server to find the EID/RLOC mapping information. Only after the mapping information is obtained can the ITR encapsulate and forward the packet. This query process takes time, and the ITR must cache the received packets in the meantime: the longer the waiting time, the larger the amount of data cached, which consumes a lot of the ITR device's resources and affects the normal forwarding performance of the ITR. At the same time, there are security risks, and it is easy to form an attack on the mapping server.
  • Summary of the invention
  • the technical problem to be solved by the present invention is to provide a data packet processing method and an ingress tunnel router and system to improve data packet forwarding efficiency.
  • the present invention provides a data packet processing method, which is implemented based on a location identity separation (LISP) network, and uses a domain name system (DNS) server to store a correspondence between a host domain name and an identity (EID).
  • the method includes:
  • the source host sends a DNS query message to the DNS server, where the domain name of the destination host is carried, and the DNS server returns a DNS response containing the EID of the destination host to the source host.
  • ITR Ingress Tunnel Router
  • the ITR queries the mapping server according to the EID of the destination host to obtain a route identifier (RLOC) of the destination host;
  • after receiving the data packet sent by the source host to the destination host, the ITR forwards the data packet according to the RLOC of the destination host.
  • the ITR intercepts the DNS response packet from the received forwarding network packets by determining, according to the DNS packet format, the port number of the DNS, the identity of the DNS, or the routing identifier of the DNS, whether the forwarding network packet is a DNS response packet.
  • the DNS query message is forwarded to the DNS server by the ITR.
  • the method further includes: after the ITR intercepts the EID of the destination host from the DNS response packet, the DNS response packet is forwarded to the source terminal; the source terminal sends a data packet to the destination host according to the EID of the destination host in the DNS response packet.
  • the step C includes: before querying the mapping server, the ITR first queries the local cache. If there is no mapping relationship between the EID and the RLOC of the destination host in the local cache, a mapping query request is sent to the mapping server, the RLOC of the destination host is obtained according to the mapping query response of the mapping server, and the mapping between the EID and the RLOC of the destination host is cached.
  • in step D, after receiving the data packet sent by the source host to the destination host, the ITR first queries the local cache, and if the local cache does not have, or is still querying, the mapping between the EID and the RLOC of the destination host, the packet is forwarded after the mapping query response of the mapping server is received.
  • the ITR uses the encapsulation mode to implement data packet forwarding.
  • the source address and the destination address of the data packet sent by the source host are the EIDs of the source host and the destination host respectively.
  • the method further includes: when the ITR forwards the data packet, the RLOCs of the source host and the destination host are used to encapsulate the data packet sent by the source host; the source and destination addresses of the encapsulated data packet are the RLOCs of the source host and the destination host, respectively, and the packet also includes the EIDs of the source host and the destination host.
  • the present invention also provides an ingress tunnel router (ITR) located in a location identity separation (LISP) network, where the LISP network includes a DNS server configured to: save the correspondence between the domain name and the identity of the host, receive the DNS query message sent by the end host carrying the domain name of the destination host, and return to the end host a DNS response message carrying the EID of the destination host; the ITR includes:
  • a listening module, which is connected to the packet processing module, and configured to: listen to the DNS response packet, and intercept the identity identifier (EID) of the destination host in the response packet;
  • a mapping query module, which is connected to the listening module, and configured to: query the mapping server to obtain a routing identifier (RLOC) of the destination host according to the intercepted EID of the destination host; and
  • a packet processing module, which is connected to the mapping query module and the listening module, and configured to: receive the data packet sent by the source host to the destination host, forward the data packet according to the RLOC obtained by the mapping query module; and receive and forward the messages sent from the forwarding network to the source host of the ITR.
  • the listening module of the ITR is configured to listen for the DNS response packet among the forwarding network packets received by the packet processing module as follows: according to the DNS packet format, the DNS port number, the identity identifier of the DNS or the routing identifier of the DNS, it determines whether the received forwarding network packet is a DNS response.
  • the packet processing module is further configured to receive and forward a DNS query message sent by the source host to the DNS server and a DNS response message sent by the DNS server to the source host.
  • the ITR further includes a mapping information caching module connected to the mapping query module, where the mapping information caching module is configured to cache the mapping relationship between the EID of an end host and its RLOC; the mapping query module is configured to obtain the RLOC of the destination host as follows: query the mapping information cache module before querying the mapping server; if the mapping information cache module does not have the mapping relationship between the EID and the RLOC of the destination host, send a mapping query request to the mapping server and obtain the RLOC of the destination host according to the mapping query response of the mapping server.
  • the mapping query module is further configured to: save the mapping relationship between the EID and the RLOC of the destination host in the mapping information cache module.
  • the packet processing module of the ITR is configured to perform data packet forwarding by: after receiving the data packet sent by the source host to the destination host, notifying the mapping query module to query the mapping information cache module; if there is no mapping relationship between the EID and the RLOC of the destination host in the mapping information cache module, forwarding the packet after the mapping query module receives the mapping query response of the mapping server.
  • the message processing module of the ITR is configured to implement data packet forwarding by encapsulation.
  • the present invention further provides a data message processing system, which is implemented based on a location identity separation (LISP) network, where the system includes an end host, an ingress tunnel router (ITR), and a DNS server, wherein:
  • the end host includes a domain name query module and a packet sending and receiving module, wherein the domain name querying module is configured to: send a DNS query message carrying the domain name of the destination host to the DNS server, and receive the DNS response packet, returned by the DNS server, carrying the EID of the destination host; the packet sending and receiving module is configured to: send data packets to and receive data packets from the destination host according to the destination host EID in the DNS response packet;
  • the ITR includes:
  • a listening module, which is connected to the packet processing module, and configured to: listen to the DNS response packet, and intercept the identity identifier (EID) of the destination host in the response packet;
  • a mapping query module, which is connected to the listening module, and configured to: query the mapping server to obtain a routing identifier (RLOC) of the destination host according to the intercepted EID of the destination host; and
  • a packet processing module, which is connected to the mapping query module and the listening module, and configured to: receive the data packet sent by the source host to the destination host, forward the data packet according to the RLOC obtained by the mapping query module; and receive and forward the packet from the forwarding network.
  • the DNS server is configured to: save the correspondence between the domain name and the identity of the host, receive the DNS query message sent by the host, and return the DNS response to the host.
  • the listening module of the ITR is configured to listen for the DNS response packet among the forwarding network packets received by the packet processing module as follows: according to the DNS packet format, the DNS port number, the identity identifier of the DNS or the routing identifier of the DNS, it determines whether the received forwarding network packet is a DNS response.
  • the packet processing module is further configured to receive and forward a DNS query message sent by the source host to the DNS server and a DNS response message sent by the DNS server to the source host.
  • the ITR further includes a mapping information caching module connected to the mapping query module, where the mapping information caching module is configured to cache the mapping relationship between the EID of a host and its RLOC; and the mapping query module is configured to obtain the RLOC of the destination host as follows: query the mapping information cache module before querying the mapping server; if the mapping information cache module does not have the mapping relationship between the EID and the RLOC of the destination host, send a mapping query request to the mapping server and obtain the RLOC of the destination host according to the mapping query response of the mapping server.
  • the mapping query module is further configured to save the mapping relationship between the EID and the RLOC of the destination host in the mapping information cache module.
  • the packet processing module of the ITR is configured to perform data packet forwarding by: after receiving the data packet sent by the source host to the destination host, notifying the mapping query module to query the mapping information cache module; if there is no mapping between the EID and the RLOC of the destination host in the mapping information cache module, forwarding the packet after the mapping query module receives the mapping query response of the mapping server.
  • the source address and the destination address of the data packet sent by the source host and received by the packet processing module of the ITR are respectively the EIDs of the source host and the destination host; and the packet processing module is further configured to encapsulate the data packet sent by the source host with the RLOCs of the source host and the destination host.
  • the source and destination addresses of the encapsulated data packet are the RLOCs of the source host and the destination host respectively, and the encapsulated packet also includes the EIDs of the source host and the destination host.
  • the data packet processing method and the main idea of the access service node of the present invention are based on a location identity separation (LISP) network.
  • ITR ingress tunnel router
  • FIG. 1 is a schematic diagram of the composition of the network architecture with identity and location separation.
  • FIG. 2 is a schematic flowchart of a data packet processing method according to the present invention.
  • FIG. 3 is a schematic structural diagram of a module of an access service node according to the present invention.
  • FIG. 4 is a block diagram showing the structure of a data message processing system of the present invention.
  • the present invention is based on a location identity separation LISP (Locator/ID Separation Protocol) protocol network architecture to implement the mapping information transmission method of the present invention
  • the ITR (Ingress Tunnel Router), before it receives the packets sent by the source host, listens to the packet returned when the source host queries the domain name system (DNS) to learn the EID of the destination host, and then queries the mapping server for the EID/RLOC mapping information, so that the ITR does not have to wait for the mapping query after receiving the packets sent by the source host, which would require storing a large number of received packets and affect the ITR forwarding performance.
  • DNS domain name system
  • the network architecture of the LISP protocol is a network-based location identity separation scheme.
  • the IP address of the existing Internet is divided into an EID (Endpoint identifier) and a Routing Locator (RLOC).
  • EID Endpoint identifier
  • RLOC Routing Locator
  • the advantage of the solution is that the protocol stack of current terminal hosts does not need to be changed, so terminal compatibility is good; the focus is on solving the scalability of the network routing scale, traffic engineering and mobility.
  • the network architecture of LISP is shown in Figure 1.
  • the terminal equipment is identified by the EID, and the ingress tunnel router ITR and the egress tunnel router ETR serve as the connection between the access network and the forwarding network. Understandably, the roles of ingress tunnel router ITR and egress tunnel router ETR are relative.
  • mapping information transmission method including:
  • the source host sends a DNS query message to the DNS server according to the domain name of the destination host to be accessed, where the domain name of the destination host is carried, and the DNS server returns to the source host a response containing the identity of the destination host.
  • EID IP address
  • the source host uses the DNS client protocol to query the DNS server to obtain the identity EID of the destination host according to the domain name of the destination host.
  • the DNS server returns a response packet containing the destination host identity EID.
  • the source ingress tunnel router ITR listens to the response packet and intercepts the EID of the destination host.
  • the DNS server identity is a well-known address set by the system.
  • the DNS query and DNS response messages sent by the source host must be forwarded by the ITR.
  • the format of the DNS packet is as follows:
  • Identification field: used for message identification; it is set by the terminal, and the DNS server uses the identifier when returning the result;
  • Flag field: 16 bits; the important bit fields are defined as follows:
  • QR: 0 means a query message
  • the question section of the DNS query message usually has only one question.
  • the format includes the query name, query type and query class.
  • the query name is the domain name that needs to be searched, such as "ZTE.COM.CN".
  • a query class of 1 refers to the Internet address (IP); in the present invention it is an identity.
  • the resource record in the DNS response message is as follows:
  • the domain name is the name corresponding to the resource data in the record, and its format is the same as the format of the previous query name segment.
  • Type: describes the type code of the RR, which is the same as the query type value above. Usually 1 for Internet data.
  • the lifetime is the number of seconds the client keeps the resource record, and the resource record typically has a lifetime of 2 days.
  • the resource data length indicates the amount of resource data, whose format depends on the value of the type field; for type A the resource data is a 4-byte IP address, which is an EID in the present invention.
  • the ITR intercepts the DNS response packet, and intercepts the identity identifier EID of the destination host in the response packet.
  • the ITR listens for the DNS response packet among the received forwarding network packets (in the present invention, a packet received from the forwarding network is called a forwarding network packet) and determines whether a packet is a DNS response packet. It then extracts the EID of the destination host from the DNS response packet in real time, completing the listening function, and forwards the DNS response packet to the source host. After the source host receives the DNS response packet, it generates data packets whose destination address is the EID of the destination host and sends them to the ITR.
  • the ITR can determine whether the received packet is a DNS response packet according to the following three methods:
  • 1. the ITR determines whether it is a DNS response packet according to the above-mentioned DNS packet format.
  • 2. the DNS supports UDP and TCP, and uses a specific port number: the port number of the DNS is 53, the destination port number of the DNS query is 53, and the source port number of the DNS response is 53. The ITR determines whether it is a DNS response packet according to the source port number.
  • 3. the DNS has a specific identity and route identifier. The ITR judges according to the identity or route identifier in the source address.
  • the ITR queries the mapping server according to the destination host EID to obtain the RLOC of the egress tunnel router to which the destination host belongs.
  • the ITR local cache has a mapping relationship
  • the ITR queries the mapping relationships in the local cache after intercepting the EID of the destination host. If the mapping relationship of the destination host is not found in the local cache, the ITR sends a mapping query request to the mapping server of the location identity separation network, obtains the RLOC of the egress tunnel router to which the destination host belongs according to the response of the mapping server, and stores the mapping relationship between the EID and the RLOC of the destination host in the local cache;
  • the ITR intercepts the destination host EID and directly queries the mapping server for the RLOC of the egress tunnel router to which the destination host belongs.
  • the query request carries the EID of the destination host and is sent to the mapping server of the location identity separation network to obtain the mapping information, that is, the RLOC of the egress tunnel router to which the destination host belongs.
  • after receiving the data packet sent by the source host to the destination host, the ITR forwards the data packet according to the RLOC of the destination host.
  • the local cache is first queried. If the local cache does not have, or is still querying, the mapping between the AID and the RID of the destination host, the ITR caches the data packet and waits for the response of the mapping query before forwarding it. If the mapping information returned by the mapping server is received, the data packet of the terminal should be received immediately.
  • the RLOC is cached in the local mapping table, so that the ITR can directly perform local query after receiving the data packet of the terminal.
  • the source and destination addresses of the data packets sent by the source host are the EIDs of the source and destination hosts.
  • after receiving the data packet sent by the source host to the destination host, the ITR queries the local cache according to the destination host EID in the data packet to obtain the destination host RLOC, and encapsulates the data packet by using the queried RLOC.
  • the source and destination addresses of the encapsulated data packet are the RLOCs of the source and destination hosts respectively, and the encapsulated message also includes the EIDs of the source and destination hosts; it is then sent through the forwarding network to the egress tunnel router ETR, which decapsulates it and sends it to the destination host.
  • the ITR listens to the DNS response packet, intercepts the EID of the destination host in advance, before receiving the data packets of the host, and, when there is no local mapping for the destination host, queries the mapping server in advance; this reduces the buffering of data packets, reduces the size of the buffer, and reduces the amount of data management tasks, so that the ITR device has more resources for data forwarding and the processing efficiency of the forwarding data is improved.
  • The present invention further provides an ingress tunnel router (ITR), which is located in a location identity separation (LISP) network, where the LISP network includes a DNS server. The DNS server receives the DNS query message carrying the domain name of the destination host sent by the end host, and returns the DNS response packet carrying the EID of the destination host to the end host.
  • The ITR includes:
  • a listening module, which is connected to the packet processing module and configured to listen for the DNS response packet and capture the identity identifier (EID) of the destination host in the response packet;
  • a mapping query module, which is connected to the listening module and configured to query the mapping server, according to the captured EID of the destination host, to obtain the routing identifier (RLOC) of the destination host;
  • a packet processing module, which is connected to the mapping query module and the listening module and configured to receive, process, and forward data packets, DNS query and response packets, and mapping query and response packets. In relation to the present invention, it is configured to: receive a data packet sent by the source host to the destination host, forward the data packet according to the RLOC obtained by the mapping query module, and receive and forward packets sent from the forwarding network to the source host of the ITR.
  • The listening module of the ITR picks the DNS response packet out of the forwarding network packets received by the packet processing module: it determines whether a received forwarding network packet is a DNS response packet according to the format of the DNS packet, the port number of the DNS, the identity of the DNS, or the routing identifier of the DNS.
  • The packet processing module is further configured to receive and forward a DNS query message sent by the source host to the DNS server, and a DNS response message sent by the DNS server to the source host.
  • The ITR further includes a mapping information cache module connected to the mapping query module.
  • The mapping information cache module is configured to cache the mapping relationship between the EID and the RLOC of an end host. Before querying the mapping server, the mapping query module first queries the mapping information cache module; if the mapping information cache module does not hold the mapping relationship between the EID and the RLOC of the destination host, the mapping query module sends a mapping query request to the mapping server, obtains the RLOC of the destination host from the mapping query response of the mapping server, and saves the mapping relationship between the EID and the RLOC of the destination host to the mapping information cache module.
  • After receiving the data packet sent by the source host to the destination host, the packet processing module of the ITR notifies the mapping query module to query the mapping information cache module. If the mapping information cache module does not hold the mapping between the EID and the RLOC of the destination host, the packet processing module caches the data packet internally, waits for the mapping query module to receive the mapping query response of the mapping server, and then forwards the packet.
  • The packet processing module of the ITR forwards data packets by encapsulation, as described above.
  • The present invention further provides a data message processing system, which is implemented based on a location identity separation (LISP) network, where the system includes an end host, an ingress tunnel router (ITR), and a DNS server, where:
  • the end host includes a domain name query module and a packet sending and receiving module, wherein the domain name query module is configured to send a DNS query message carrying the domain name of the destination host to the DNS server, and to receive the DNS response packet, returned by the DNS server, that carries the EID of the destination host; the packet sending and receiving module is configured to send data packets to the destination host according to the destination host EID in the DNS response packet, and to receive data packets;
  • the ITR includes:
  • a listening module, which is connected to the packet processing module and configured to listen for the DNS response packet and capture the identity identifier (EID) of the destination host in the response packet;
  • a mapping query module, which is connected to the listening module and configured to query the mapping server, according to the captured EID of the destination host, to obtain the routing identifier (RLOC) of the destination host;
  • a packet processing module, which is connected to the mapping query module and the listening module and configured to receive, process, and forward data packets, DNS query and response packets, and mapping query and response packets. In relation to the present invention, it is configured to: receive the data packet sent by the source host to the destination host and forward it according to the RLOC obtained by the mapping query module; and receive and forward packets sent from the forwarding network to the source host of the ITR;
  • the DNS server is configured to: save the correspondence between the domain name and the identity of the host, receive the DNS query message sent by the host, and return the DNS response to the host.
  • The listening module of the ITR picks the DNS response packet out of the forwarding network packets received by the packet processing module: it determines whether a received forwarding network packet is a DNS response packet according to the format of the DNS packet, the port number of the DNS, the identity of the DNS, or the routing identifier of the DNS.
  • The packet processing module is further configured to receive and forward a DNS query message sent by the source host to the DNS server and a DNS response message sent by the DNS server to the source host.
  • The ITR further includes a mapping information cache module connected to the mapping query module, where the mapping information cache module is configured to cache the mapping relationship between the EID and the RLOC of an end host. Before querying the mapping server, the mapping query module first queries the mapping information cache module; if the mapping information cache module does not hold the mapping relationship between the EID and the RLOC of the destination host, the mapping query module sends a mapping query request to the mapping server, obtains the RLOC of the destination host from the mapping query response of the mapping server, and saves the mapping relationship between the EID and the RLOC of the destination host in the mapping information cache module.
  • After receiving the data packet sent by the source host to the destination host, the ITR packet processing module notifies the mapping query module to query the mapping information cache module. If the mapping information cache module does not hold the mapping relationship between the EID and the RLOC of the destination host, the packet processing module caches the data packet internally, waits for the mapping query module to receive the mapping query response of the mapping server, and then forwards the packet.
  • The source and destination addresses of the data packets sent by the source host and received by the ITR packet processing module are the EIDs of the source and destination hosts respectively.
  • The data packet sent by the source host is encapsulated by using the RLOCs of the source and destination hosts.
  • The source and destination addresses of the encapsulated data packet are the RLOCs of the source and destination hosts, and the encapsulated packet also includes the EIDs of the source and destination hosts.
  • The egress tunnel router decapsulates and restores the received data packets.
  • The location identity separation (LISP) network further includes a mapping server configured to return an RLOC according to an ITR (or ETR) query.
  • The data packet processing method and the access service node of the present invention are implemented based on a location identity separation (LISP) network, which improves the efficiency with which the ITR forwards the source host's data packets and improves the forwarding performance of the ITR.
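The listening, pre-query, and encapsulation behaviour described above, as an added Python example that is not code from the patent. It assumes IPv4 EIDs carried in DNS A records and a dictionary standing in for the mapping server; `snoop_eids`, `ITR`, `MAPPING_SERVER` and all addresses are hypothetical names and constructed sample values.

```python
import ipaddress
import struct

MAPPING_SERVER = {"10.1.1.20": "203.0.113.7"}  # constructed stand-in: EID -> RLOC

def build_dns_response(name, eid):
    """Constructed sample DNS response: one question, one A record carrying the EID."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
    return header + qname + struct.pack("!HH", 1, 1) + answer + ipaddress.IPv4Address(eid).packed

def skip_name(msg, off):
    """Offset just past a DNS name (labels, ended by a zero byte or a pointer)."""
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def snoop_eids(udp_src_port, msg):
    """Listening module: EIDs found in A records of a DNS response, else []."""
    try:
        _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
        if udp_src_port != 53 or not flags & 0x8000 or flags & 0x000F:
            return []                      # not from the DNS port, a query, or an error
        off, eids = 12, []
        for _ in range(qd):
            off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
        for _ in range(an):
            off = skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            if (rtype, rclass, rdlen) == (1, 1, 4):
                eids.append(str(ipaddress.IPv4Address(msg[off + 10:off + 14])))
            off += 10 + rdlen
        return eids
    except (struct.error, IndexError, ValueError):
        return []                          # truncated or malformed: ignore, never crash

class ITR:
    def __init__(self, own_rloc):
        self.own_rloc, self.cache, self.buffered = own_rloc, {}, []

    def on_forwarding_network_packet(self, udp_src_port, payload):
        for eid in snoop_eids(udp_src_port, payload):
            if eid not in self.cache and eid in MAPPING_SERVER:
                self.cache[eid] = MAPPING_SERVER[eid]  # mapping query ahead of the data
        return payload                     # the response still goes on to the source host

    def on_data_packet(self, src_eid, dst_eid, data):
        rloc = self.cache.get(dst_eid)
        if rloc is None:                   # no mapping yet: buffer until the reply arrives
            self.buffered.append((src_eid, dst_eid, data))
            return None
        return {"outer": (self.own_rloc, rloc), "inner": (src_eid, dst_eid), "data": data}
```

A data packet that arrives before the DNS response has been seen is buffered; one that arrives afterwards is encapsulated at once, because the snooped response is treated as untrusted input and only well-formed A records populate the cache.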

Abstract

The present invention relates to a data message processing method and system implemented on the basis of a Locator/Identifier Separation Protocol (LISP) network. The method comprises the following steps: a source end host sends to a Domain Name System (DNS) server a DNS query message containing a domain name of a destination end host, and the DNS server returns a DNS response message comprising an endpoint identifier (EID) of the destination end host to the source end host (201); an ingress tunnel router (ITR) intercepts the DNS response message and captures the EID of the destination end host contained in the response message (202); according to the EID of the destination end host, the ITR queries a mapping server and acquires a routing locator (RLOC) of the destination end host (203); and after receiving a data message sent by the source end host to the destination end host, the ITR forwards the data message according to the RLOC of the destination end host (204). Compared with the prior art, the data message processing method and system of the present invention improve the efficiency with which the ITR forwards the data messages of the source end host and improve the forwarding performance of the ITR.
PCT/CN2011/072490 2010-04-20 2011-04-07 Data message processing method, ingress tunnel router and system WO2011131088A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010153056.2A CN102238058B (zh) 2010-04-20 2010-04-20 Data message processing method, ingress tunnel router and system
CN201010153056.2 2010-04-20

Publications (1)

Publication Number Publication Date
WO2011131088A1 true WO2011131088A1 (fr) 2011-10-27

Family

ID=44833698

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/072490 WO2011131088A1 (fr) 2010-04-20 2011-04-07 Data message processing method, ingress tunnel router and system

Country Status (2)

Country Link
CN (1) CN102238058B (fr)
WO (1) WO2011131088A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105915455A (zh) * 2016-04-06 2016-08-31 杭州华三通信技术有限公司 Method and device for implementing multi-homing in the Locator/ID Separation Protocol
US20180139133A1 (en) * 2016-11-11 2018-05-17 Futurewei Technologies, Inc. Method to Optimize Mapping for Multiple Locations of a Device in Mobility

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
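CN103167483B (zh) * 2011-12-15 2016-02-24 中国移动通信集团公司 Tunnel-based data forwarding method, device and system
CN103825795A (zh) * 2013-12-05 2014-05-28 青岛海信电子设备股份有限公司 Method for automatic identification and creation of IPIP tunnels
CN103841028B (zh) * 2014-03-24 2017-02-08 杭州华三通信技术有限公司 Message forwarding method and device
CN103957161B (zh) * 2014-04-04 2017-12-29 新华三技术有限公司 Message forwarding method and apparatus thereof
CN103973574B (zh) * 2014-05-19 2017-12-15 新华三技术有限公司 Method and device for forwarding data messages in a Locator/ID Separation Protocol network
CN104022956B (zh) * 2014-06-11 2017-05-10 新华三技术有限公司 Method and device for processing data messages in a name/address separation protocol network
CN111800458B (zh) * 2020-05-22 2021-04-23 浙商银行股份有限公司 Dynamic load balancing method and system for a Kubernetes container cloud platform
CN112911617A (zh) * 2021-01-20 2021-06-04 广东工贸职业技术学院 Data transmission method and apparatus, computer device and storage medium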

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
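CN1801764A (zh) * 2006-01-23 2006-07-12 北京交通大学 Internet access method based on identity and location separation
CN101656765A (zh) * 2009-09-14 2010-02-24 中兴通讯股份有限公司 Name-address mapping system and data transmission method for an identity/location separation network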

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HONGBIN LUO ET AL.: "A DHT-based Identifier-to-locator Mapping Approach for a Scalable Internet", IEEE TRANSACTION ON PARALLEL AND DISTRIBUTED SYSTEMS, vol. 20, no. 10, October 2009 (2009-10-01), pages 1 - 13 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105915455A (zh) * 2016-04-06 2016-08-31 杭州华三通信技术有限公司 Method and device for implementing multi-homing in the Locator/ID Separation Protocol
US20180139133A1 (en) * 2016-11-11 2018-05-17 Futurewei Technologies, Inc. Method to Optimize Mapping for Multiple Locations of a Device in Mobility
US10554551B2 (en) * 2016-11-11 2020-02-04 Futurewei Technologies, Inc. Method to optimize mapping for multiple locations of a device in mobility

Also Published As

Publication number Publication date
CN102238058B (zh) 2015-05-13
CN102238058A (zh) 2011-11-09

Similar Documents

Publication Publication Date Title
WO2011131088A1 (fr) Data message processing method, ingress tunnel router and system
Atkinson et al. Identifier-locator network protocol (ILNP) architectural description
US8661525B2 (en) Implementation method and system of virtual private network
KR101399002B1 (ko) Method and system for implementing a virtual private network
WO2011069399A1 (fr) Address mapping method and access service node
WO2011124132A1 (fr) Data communication system and method
WO2011131097A1 (fr) Data message processing method, system and access service node
US20060153230A1 (en) IPv6 / IPv4 translator
WO2011035710A1 (fr) User-oriented communication method, route registration method and device, and communication system
WO2011157126A2 (fr) Packet forwarding method and inter-network routing apparatus
WO2011032462A1 (fr) Method for sending and receiving data, and corresponding system and router
Yan et al. Is DNS ready for ubiquitous Internet of Things?
US8547998B2 (en) Tunneling IPv6 packet through IPv4 network using a tunnel entry based on IPv6 prefix and tunneling IPv4 packet using a tunnel entry based on IPv4 prefix
CN111654443A (zh) Method for direct public-network access by virtual machine IPv6 addresses in a cloud environment
WO2011124121A1 (fr) Inter-network data communication system and method
Pappas et al. Mobile host location tracking through DNS
WO2012075768A1 (fr) Method and system for controlling a locator/identifier separation network
Cisco Configuring TCP/IP
Cisco Configuring IP
WO2012122710A1 (fr) Bearer network and associated data transmission method
KR101124635B1 (ko) IPv4/IPv6 interworking gateway
WO2012075770A1 (fr) Blocking method and system in an identity and location separation network
WO2012083685A1 (fr) Method and system for improving the efficiency of use of a mapping and routing table
WO2012019525A1 (fr) HIP-based communication method, system and device
Jung et al. A new inter-networking architecture for mobile oriented internet environment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11771541

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11771541

Country of ref document: EP

Kind code of ref document: A1