WO2014079005A1 - MAC address forced forwarding device and method - Google Patents

MAC address forced forwarding device and method

Info

Publication number
WO2014079005A1
Authority
WO
WIPO (PCT)
Prior art keywords
arp
gateway
mac address
destination
address
Application number
PCT/CN2012/084991
Other languages
English (en)
Chinese (zh)
Inventor
骆绍开
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN201280002989.9A priority Critical patent/CN103404084B/zh
Priority to PCT/CN2012/084991 priority patent/WO2014079005A1/fr
Publication of WO2014079005A1 publication Critical patent/WO2014079005A1/fr

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]

Definitions

  • The present invention relates to the field of communications technologies, and in particular, to a MAC address forced forwarding device and method.
  • Background
  • Layer 2 isolation is a virtual network technology that improves network security and isolates collision domains.
  • By properly configuring Layer 2 network devices, user hosts (including virtual machines and physical terminal devices) corresponding to certain MAC addresses cannot exchange data or communicate through the network devices.
  • the commonly used Layer 2 isolation implementation is to configure the port of the user host.
  • VLAN (Virtual Local Area Network)
  • VMM (Virtual Machine Manager)
  • Whether in a virtual network or a non-virtual network, statistics and data monitoring for IP addresses, and the security of the network, need to go through the gateway.
  • the layer 2 isolation of multiple user hosts can be implemented in the virtual network and the non-virtual network, but belongs to the same VLAN.
  • the packet will be directly exchanged at the switch.
  • the packet can be directly exchanged through the bridge of the VMM. That is, in the above two application environments, the gateway cannot sense packets that are exchanged between terminals in the same VLAN. This results in the inability to perform proper traffic statistics and data monitoring for all messages communicating on the network.
  • the physical terminal or the VM can obtain the MAC addresses of other physical terminals or VMs in the same VLAN, and thus has a large network hazard.
  • a Layer 3 switch with MFF (MAC Forced Forwarding)
  • The embodiments of the present invention provide a MAC address forced forwarding device and method that can forward all packets to the gateway side as required, implementing traffic statistics and data monitoring for all packets and improving network security.
  • an embodiment of the present invention provides a MAC address forced forwarding device, including:
  • a receiving unit configured to receive an ARP request packet from a user host or a gateway
  • An ARP replying unit configured to construct an ARP response packet according to the source information and the destination information of the ARP request packet: according to the source information and the destination information in a received ARP request packet from the user host, construct an ARP reply packet with the MAC address of the gateway as the destination address; or, according to the source information and the destination information in a received ARP request packet from the gateway, obtain the corresponding destination MAC address from the lookup table and construct an ARP reply packet with that destination MAC address as the source MAC address; and send the ARP reply packet to the user host or gateway that sent the ARP request packet.
  • the apparatus further includes a learning unit,
  • the receiving unit is further configured to receive an ARP response packet from the gateway;
  • the ARP pickup unit is further configured to parse the ARP response packet from the gateway;
  • the learning unit is configured to update the lookup table according to the source information and the destination information of the ARP response message from the gateway.
  • the apparatus further includes:
  • An enabling unit configured to enable the ARP pickup unit to enable a function for a VLAN
  • the switching unit is configured to send, according to the lookup table, the data packet sent by the user host to a corresponding destination user host or all user hosts in the same VLAN that belong to the same VLAN as the user host.
  • the apparatus includes:
  • a network card drive unit for driving a network card.
  • an embodiment of the present invention provides a method for forcibly forwarding a MAC address, including:
  • Receiving an ARP request packet from a user host or a gateway Constructing an ARP reply message according to the source information and the destination information of the ARP request packet: According to the received source information and destination information in the ARP request packet from the user host, constructing the ARP with the gateway MAC address as the destination address Responding to the message, or obtaining the corresponding destination MAC address from the lookup table according to the source information and the destination information in the received ARP request message from the gateway, configured to
  • the source IP address and the destination IP address in the source information of the user host ARP request packet are respectively used as the destination IP address of the ARP reply packet to be constructed.
  • the step of constructing an ARP response packet according to the source information and the destination information of the ARP request packet in: If the record of the MAC address of the gateway is not recorded in the lookup table, the IP address of the gateway is used as the destination IP address of the ARP reply message to be constructed, and the ARP reply message is constructed.
  • the method further includes: receiving an ARP response packet from the gateway;
  • the lookup table is updated according to the source information and the destination information of the ARP reply message from the gateway.
  • the step of updating the lookup table according to the source information and the destination information of the ARP response message from the gateway is : if the MAC address of the gateway is already recorded in the lookup table, the lookup table is not updated; otherwise, the MAC address of the gateway is recorded.
  • An embodiment of the present invention provides a MAC address forced forwarding device, including a central processing unit and a memory, where the memory stores computer-executable instructions, and the central processing unit and the memory are connected by a communication bus.
  • The central processor executes the computer-executable instructions stored in the memory, such that the MAC address forced forwarding device performs the method of any of the second aspects.
  • An embodiment of the present invention provides a computer readable medium comprising computer-executable instructions; when a central processor of a computer executes the computer-executable instructions, the computer performs the method according to any one of the second aspects.
  • With the MAC address forced forwarding device and method of the present invention, the MAC address forced forwarding function is implemented so that, on the premise of effectively implementing Layer 2 isolation between user hosts, all packets in a specific VLAN are forwarded to the gateway, traffic statistics and data monitoring for all packets are implemented, and network performance is improved. In addition, since the MFF function can be deployed in a network card or a network card driver, the cost of the network configuration is low.
  • FIG. 1 is a schematic block diagram of a conventional Layer 2 isolation for a non-virtual network
  • FIG. 2 is a schematic block diagram of a conventional Layer 2 isolation of a virtual network
  • FIG. 3 is a schematic diagram of a MAC address forced forwarding device according to Embodiment 1 of the present invention; Structure diagram;
  • FIG. 4 is a block diagram showing another structure of a MAC address forced forwarding device according to Embodiment 1 of the present invention.
  • FIG. 5 is a schematic structural diagram of a virtual network system according to Embodiment 2 of the present invention
  • FIG. 6 is a flowchart of performing MAC address forced forwarding according to the method for forcibly forwarding a MAC address in a virtual network system according to Embodiment 1 of the present invention;
  • FIG. 7 is a schematic diagram of a process flow of a network card in a virtual network system according to Embodiment 2 of the present invention, which allows certain VMs to perform internal packet exchange and implement Layer 2 isolation;
  • FIG. 8 is a schematic diagram of a network card in a virtual network system according to Embodiment 2 of the present invention; a block diagram of the switching unit;
  • FIG. 9 is a structural block diagram of a MAC address forced forwarding device according to Embodiment 3 of the present invention.
  • FIG. 10 is a schematic structural diagram of a virtual network system according to Embodiment 3 of the present invention
  • FIG. 11 is a structural block diagram of a MAC address forced forwarding apparatus according to Embodiment 4 of the present invention.
  • Detailed description
  • exemplary is used exclusively herein to mean “serving as an example, embodiment, or illustrative.” Any embodiment described herein as “exemplary” is not necessarily to be construed as preferred or advantageous.
  • the present invention provides a MAC address forced forwarding device.
  • the device is based on the MFF (MAC Forced Forwarding) function, and the ARP (Address Resolution Protocol) message will be different.
  • The apparatus includes: a receiving unit 310, an ARP pickup unit 320, a transmitting unit 330, and a learning unit 340, where:
  • The receiving unit 310 is configured to receive an ARP request from a user host or a gateway.
  • ARP is a protocol that determines the MAC address of a network device when only its IP address is known.
  • The ARP request message is used to obtain the MAC address corresponding to an IP address in the network, and is in most cases a broadcast message; the ARP response message is a type of message used to inform other hosts of the local IP address and MAC address, and is in most cases a unicast message.
  • The ARP pickup unit 320 performs the MFF function and is configured to construct an ARP response packet according to the source information and the destination information of the ARP request packet: according to the source information and the destination information (including the source IP address, the source MAC address, and the destination IP address) in a received ARP request packet from the user host, construct an ARP reply packet with the MAC address of the gateway as the destination address; or, according to the source information and the destination information in a received ARP request packet from the gateway, look up the corresponding destination MAC address in the lookup table and construct an ARP response packet with that destination MAC address as the source MAC address.
  • The lookup table may be a global linked list stored in the ARP pickup unit. It records the correspondence between the IP address and the MAC address of the user host and the gateway, and also records the MFF enable information of the ARP pickup unit for each VLAN; the functionality of the other units is based on interacting with the information in the lookup table.
  • the sending unit 330 is configured to send the ARP reply message constructed by the ARP pickup unit 320 to the user host or gateway that sends the ARP request message.
  • The receiving unit 310 is further configured to receive an ARP response packet from the gateway, and the ARP replying unit 320 is further configured to parse the ARP response packet from the gateway, so that the learning unit 340 can update the lookup table based on the source information and the destination information of the ARP response packet.
  • By deploying the MFF function, the MAC address forced forwarding device in the embodiment of the present invention transfers all the packets in the VLAN domain enabled with the MFF function to the gateway side, on the premise of effectively implementing Layer 2 isolation between the user hosts, so that traffic statistics and data monitoring for IP addresses are implemented, which improves network performance.
  • the embodiment of the present invention further provides a method for forcibly forwarding a MAC address based on the MAC address forcing forwarding device, the method comprising the following steps: a receiving step, configured to receive an ARP request message from a user host or a gateway.
  • The ARP proxying step is configured to construct an ARP response packet according to the source information and the destination information of the ARP request packet, specifically: according to the source information and destination information in a received ARP request packet from the user host, construct an ARP reply packet with the MAC address of the gateway as the destination address; or, according to the source information and the destination information in a received ARP request packet from the gateway, look up the corresponding destination MAC address in the lookup table and construct an ARP reply packet with that destination MAC address as the source MAC address.
  • a sending step configured to send the ARP reply message constructed in the ARP pickup step to the user host or the gateway that sends the ARP request message.
  • the learning step updates the lookup table based on the source information and the destination information of the ARP response message received at the receiving step. In other words, if the MAC address of the gateway has been recorded in the lookup table, the lookup table is not updated; otherwise, the MAC address of the gateway is recorded.
  • For an ARP request broadcast message from the user host: if there is a record of the corresponding gateway MAC address in the lookup table, the source IP address and the destination IP address of the message are used, respectively, as the destination IP address and source IP address of the ARP reply packet to be constructed, the source MAC address is used as the destination MAC address of the ARP reply packet to be constructed, and the gateway MAC address is used as the source MAC address of the ARP reply packet to be constructed, and the ARP response message is constructed. In this way, in the ARP table stored in the user host, the MAC addresses of all peers will be the MAC address of the gateway, and the destination MAC address in every unicast packet sent by the user host will point to the gateway.
  • the IP address of the gateway is used as the destination IP address of the ARP reply packet, and the ARP response packet is constructed.
  • the learning unit can learn the MAC address of the gateway according to the response message in the learning step.
  • For an ARP request packet from the gateway, the lookup table is searched according to the destination IP address in the destination information to obtain the MAC address of the corresponding destination user host; the source MAC address of the ARP request packet is used as the destination MAC address of the ARP reply packet to be constructed, and the obtained MAC address is used as its source MAC address, so that a correct ARP response is made in place of the user host.
  • The MAC address forced forwarding apparatus 400 of the present embodiment further includes an enabling unit 410 and a switching unit 420, in addition to the units included in the MAC address forced forwarding apparatus of the first embodiment, where:
  • the enabling unit 410 is configured to enable the ARP pickup unit 320 to enable the MFF function for a certain VLAN.
  • The switching unit 420 has a Layer 2 switching function, also called a vSwitch function, which, according to the lookup table, sends the data packets sent by the user host to the corresponding destination user host in the same VLAN as the user host, or to all user hosts in the same VLAN.
  • The MAC address forced forwarding device 400 of the present embodiment can deploy each functional unit on the network card, so that, in both a non-virtualized common network and a virtualized network, all packets in the VLANs with the MFF function enabled are transferred to the gateway while Layer 2 isolation is implemented, which implements traffic statistics and data monitoring for all packets and improves network security.
  • Because the functional units are deployed on the network card, the cost of network configuration is low.
  • this embodiment further provides a virtual network system including a network card 520 in which each functional unit of the MAC address forced forwarding device shown in FIG. 4 is deployed.
  • The user hosts are the plurality of virtual machines (VMs) deployed on each server 510, and the lookup table corresponds to a global linked list storing the "Queue ID-IP-MAC" table, which records the mapping relationship between the queue ID, the IP address, and the MAC address.
  • The corresponding queue ID can be queried, and the IP address and MAC address of the virtual machine corresponding to the queue can be queried according to the queue ID.
  • the virtual machine manager (VMM) 511 is responsible for creating virtual machines, allocating virtual network devices with exclusive resources, and managing virtual machines and physical resources. For example, the virtual machine manager assigns a unique NIC resource to a virtual machine to establish a correspondence.
  • The virtual machine manager manages virtual machines and physical resources in two modes: front-end mode and pass-through mode. In the front-end mode, all virtual machine access to the virtual network device needs to be forwarded by the virtual machine manager, but in the pass-through mode, the virtual network device and the corresponding actual physical resources can be directly accessed through the virtual machine manager.
  • Virtual Machine Device Queue (VMDQ) is an implementation of the pass-through mode.
  • I/O Virtualization is another implementation of the pass-through mode.
  • the IOV implements the partitioning of multiple configuration spaces by hardware, and each configuration space is exclusive to a single virtual machine.
  • The network card 520 supports the VMDQ or IOV pass-through mode function, so that each virtual machine in the server 510 can directly access the network card 520 resources. The virtual machine can then bypass the bridge in the virtual machine manager 511 and directly exchange messages with the network card 520 via the bus PCI 530.
  • The network card 520 picks up the ARP requests sent by all the virtual machines with the MAC address of the gateway 550; for an ARP request from the gateway 550 side, the network card 520 performs the pickup with the MAC address of the virtual machine corresponding to the ARP request.
  • The user can configure parameters in the management domain Domain0 of the virtual machine manager 511 as needed to enable MAC address forced forwarding by the network card 520 for certain VLANs, so that all the packets of certain virtual machines go to the gateway side while other virtual machines can directly exchange messages internally. As shown in FIG. 6, the process of forcibly forwarding the MAC address by the network card 520 in the virtual network system of this embodiment according to the method in Embodiment 1 is as follows:
  • step S501 the network card receives the ARP request message.
  • step S502 the network card determines whether the received ARP request message is an ARP request message sent by the VM inside the VLAN enabled by the network card; if yes, step S503 is performed; otherwise, step S510 is performed.
  • step S503 the received ARP packet is parsed, and the source information and the destination information are obtained.
  • step S504 the ARP pickup unit of the network card constructs an ARP response message.
  • The specific construction is as follows: if the gateway MAC address is recorded in the "Queue ID-IP-MAC" table, the source IP address and the destination IP address of the ARP request message are respectively used as the destination IP address and the source IP address of the ARP reply packet to be constructed, the source MAC address of the ARP request message is used as the destination MAC address of the ARP reply packet to be constructed, and then the gateway MAC address is used as the source MAC address of the ARP reply packet to be constructed.
  • If only the MAC address of the gateway is not recorded in the "Queue ID-IP-MAC" table, the destination IP address of the ARP reply message to be constructed is changed to the gateway IP address, and step S505 is performed. If neither the MAC address of the gateway nor the IP address of the gateway is recorded, no processing is performed, and step S505 is performed.
  • In step S505, the ARP reply message constructed by the ARP pickup unit is sent out through the corresponding port.
  • step S510 the received ARP request message is parsed, and the source information and the destination information are obtained.
  • In step S511, the "Queue ID-IP-MAC" table maintained in the network card is searched according to the destination IP address of the acquired ARP request message to obtain the corresponding queue MAC address; after the queue MAC address is found, the processing proceeds to step S52.
  • step S52 the ARP pickup unit of the network card constructs an ARP response message.
  • the specific configuration is as follows: The source IP address and the destination IP address of the ARP request packet are respectively used as the destination IP address and source IP address of the ARP reply packet to be constructed, and the source MAC address of the ARP request packet is used as the response to be constructed. The destination MAC address of the message, and then the found queue MAC address is used as the source MAC address of the response message to be constructed.
  • step S53 the ARP reply message constructed by the ARP pickup unit is sent from the port receiving the ARP request message to the requester virtual machine of the ARP request message.
  • the network card performs the correct ARP response instead of the virtual machine.
  • After receiving a unicast ARP reply message from the gateway, the NIC performs the following processing: when the gateway MAC address is not recorded in the "Queue ID-IP-MAC" table, the gateway MAC address in the message is recorded in the global linked list, and the message is discarded.
  • After receiving an ARP response message from the virtual machine, the network card performs the following processing: if the destination MAC address is the gateway MAC address, the network card sends the message through the corresponding port; if not, the network card releases the message. For packets that are not ARP requests or responses, the network card performs no processing, so they are sent directly through the corresponding port of the network card or sent to the corresponding virtual machine through the bus.
  • FIG. 7 shows a process in which a virtual machine in a certain VLAN that is not enabled by the network card according to the embodiment performs internal message exchange and implements Layer 2 isolation.
  • step S601 the unicast packet sent by the virtual machine is parsed to obtain the destination MAC address.
  • step S602 the "Queue ID-IP-MAC" table maintained in the network card is searched according to the destination MAC address, and the corresponding queue ID is obtained.
  • step S603 the network card forwards the message to the found queue, and finally sends the message to the correct virtual machine.
  • The network card in the virtual network system of this embodiment can implement the following function: all the packets sent by the virtual machines in a VLAN that enables the function of the MAC address forced forwarding device arrive at the gateway side, so that Layer 2 isolation is implemented and the gateway performs traffic statistics and data monitoring on all packets.
  • Packets transmitted between virtual machines in a VLAN that does not need to be monitored by the gateway are exchanged directly through the switching unit (vSwitch) in the network card, without forced forwarding to the gateway side.
  • The vSwitch function of the switching unit 420 is responsible for switching packets within the VLAN: it determines the destination to which a packet is to be sent according to the destination MAC address and related configuration of the packet.
  • The switching unit 420 is divided into four modules: a configuration module (Config) 421, a table space module (Table Space) 422, a packet receiving module (RX) 423, and a packet sending module (TX) 424.
  • the configuration module 421 is responsible for the initialization and information configuration of the switching unit 420.
  • The table space module 421 maintains a free node space and a hash table for recording and finding switching information.
  • the receiving module 423 and the sending module 424 respectively process the received and sent messages to implement the packet switching function. specifically:
  • the table space module 422 includes functions of operations such as adding/deleting/finding nodes, and each node includes a MAC address, a VLAN ID, and a queue ID information.
  • the configuration module 421 is responsible for module initialization and information configuration, and includes: a. Setting the Layer 2 switching of the VLAN. This information is stored in the global VLAN information.
  • the receiving module 423 performs the following processing on the received packet: For the unicast packet, the hash table node is searched according to the VLAN ID and the destination MAC address of the packet, and if found, the packet is filled with the queue ID, otherwise the packet is discarded. For broadcast packets, the message is sent to all queues under the VLAN.
  • The sending module 424 performs the following processing on the packet to be sent: it determines whether internal switching needs to be performed. The condition is that the internal switching function is enabled in both the VLAN and the queue; otherwise, the packet passes directly through the sending module. When internal switching is required, for a unicast packet, the hash table node is searched according to the VLAN ID and the destination MAC address of the packet. If found, the packet is filled with the queue ID and forwarded to the receiving side; otherwise, no processing is done, so that the packet passes directly through the sending module. When internal switching is required, for a broadcast packet, the packet is sent to all queues in the VLAN (except its own queue), all forwarded to the receiving side; the sending module then performs no further processing on the broadcast packet and continues to send the broadcast message.
  • the present embodiment provides a MAC address forced forwarding device 900, which further includes a network card driving unit 910 based on the units included in the MAC address forced forwarding device of Embodiment 1.
  • the network card driving unit 910 is used to drive the network card.
  • the MAC address forcing and forwarding device 900 of the embodiment can deploy each functional unit on the network card driver.
  • Whether in a non-virtualized common network or a virtualized network, all the packets can be transferred to the gateway side while Layer 2 isolation is implemented, which implements traffic statistics and data monitoring for all packets and improves network security.
  • the deployment of each functional unit on the NIC driver has a lower cost of network configuration.
  • This embodiment further provides a virtual network system including a network card driver 1111 in which the functional units of the MAC address forced forwarding device 900 shown in FIG. 9 are deployed.
  • The virtual network system is similar to the virtual network system provided in Embodiment 2, except that in this embodiment the network card driver 1111 of the server 1100 uses only the front-end mode, and the bridge exists in the virtual machine manager 1110. Since the bridge exists in the virtual machine manager 1110, packets between the virtual machines can be exchanged virtually through the bridge, so the network card 1150 cannot monitor the communication between the virtual machines.
  • Therefore, to achieve the same effect as Embodiments 1 and 2, the functional modules of the MAC address forced forwarding device of Embodiment 1 are deployed in the Domain0 NIC driver 1111 of the virtual machine manager 1110, so that MAC address forced forwarding is performed by the NIC driver 1111 before the packet arrives at the bridge.
  • When VM1 sends an ARP request, it is intercepted by the network card driver 1111 and picked up with the MAC address of the gateway 1150, so all the messages of VM1 are sent to the gateway 1150. Therefore, the bridge in the virtual machine manager 1110 cannot perform Layer 2 switching according to the destination MAC address.
  • When an ARP request sent by the gateway 1150 reaches the network card driver 1111, the ARP pickup unit queries the MAC address of the corresponding virtual machine according to the destination IP address and performs ARP pickup.
  • FIG. 11 is a schematic structural diagram of a MAC address forced forwarding device 1200 according to an embodiment of the present invention.
  • the specific embodiment of the present invention does not limit the specific implementation of the MAC address forced forwarding device.
  • the MAC address forcible forwarding device 1200 can include:
  • a processor 1210, a communications interface 1220, a memory 1230, and a communication bus 1240, where:
  • the processor 1210, the communication interface 1220, and the memory 1230 complete communication with each other via the communication bus 1240.
  • the communication interface 1220 is configured to communicate with a network element such as a client.
  • the processor 1210 is configured to execute the program 1232, and specifically, the related steps in the method embodiment shown in FIG. 6 to FIG. 7 above may be performed.
  • program 732 can include program code, the program code including computer operating instructions.
  • the processor 1210 may be a central processing unit (CPU), or an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention.
  • the memory 1230 is configured to store the program 1232.
  • the memory 1230 may include a high speed RAM memory and may also include a non-volatile memory such as at least one disk memory.
  • the program 1232 may specifically include: a receiving unit, configured to receive an ARP request from the user host or the gateway.
  • an ARP pickup unit, configured to construct an ARP response message by using the source information and the destination information of the ARP request packet, wherein: according to the source information and the destination information (including the source IP address, the source MAC address and the destination IP address) in a received ARP request message from the user host, it constructs an ARP reply packet with the MAC address of the gateway as the destination address; or, according to the source information and the destination information in a received ARP request packet from the gateway, it searches the lookup table for the corresponding destination MAC address and constructs an ARP reply message with the destination MAC as the source MAC address.
  • the lookup table is equivalent to the global linked list stored in the ARP pickup unit. It records the correspondence between the IP address and the MAC address of the user host and the gateway, and also records the MFF enable information of the ARP pickup unit for each VLAN; the functionality of the other units is based on interacting with the information in the lookup table.
  • a sending unit configured to send the ARP response packet constructed by the ARP pickup unit 320 to the user host or the gateway that sends the ARP request message.
  • the learning unit is capable of updating the lookup table according to the source information and the destination information of the ARP reply message.
  • for the specific implementation of each unit in the program 1232, reference may be made to the corresponding units in the embodiment shown in FIG. 3 to FIG. 5 and FIG. 7, and details are not described herein. A person skilled in the art can clearly understand that, for the convenience and brevity of the description, the specific working process of the device and the module described above can be referred to the corresponding process description in the foregoing method embodiments, and details are not described herein again.
  • the functions may be stored in a computer readable storage medium if implemented in the form of a software functional unit and sold or used as a standalone product. Based on such an understanding, the part of the technical solution of the present invention that in essence contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods of the various embodiments of the present invention.
  • the foregoing storage medium includes any medium that can store program code, such as a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
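
The decision logic of the ARP pickup unit, lookup table and learning unit described above, as an added example that is not code from the patent or from any product. The addresses, the VLAN id, the table contents and the rule that a request counts as coming from the gateway when its sender MAC equals the gateway MAC are all assumptions made for the illustration; the packets are built and parsed in memory only.

```python
import struct

# Constructed sample data (assumptions): addresses, VLAN id and table contents.
GATEWAY_MAC = "02:00:00:00:00:01"
LOOKUP = {"10.0.0.1": GATEWAY_MAC,            # lookup table: IP -> MAC
          "10.0.0.11": "02:00:00:00:00:11",   # VM1
          "10.0.0.12": "02:00:00:00:00:12"}   # VM2
MFF_VLANS = {100}                             # VLANs with MFF enabled
ARP_FMT = "!HHBBH6s4s6s4s"  # htype ptype hlen plen oper sha spa tha tpa (28 bytes)

def mac_b(mac): return bytes.fromhex(mac.replace(":", ""))
def ip_b(ip): return bytes(int(o) for o in ip.split("."))
def mac_s(raw): return ":".join(f"{b:02x}" for b in raw)
def ip_s(raw): return ".".join(str(b) for b in raw)

def build_arp(oper, sha, spa, tha, tpa):
    """Pack an Ethernet/IPv4 ARP payload (oper 1 = request, 2 = reply)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_b(sha), ip_b(spa), mac_b(tha), ip_b(tpa))

def parse_arp(pkt):
    """Return (oper, sha, spa, tha, tpa); reject anything but Ethernet/IPv4 ARP."""
    if len(pkt) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, mac_s(sha), ip_s(spa), mac_s(tha), ip_s(tpa)

def arp_pickup(pkt, vlan):
    """Build the proxy reply for an intercepted request, or None to pass it on."""
    oper, sha, spa, _tha, tpa = parse_arp(pkt)
    if oper != 1 or vlan not in MFF_VLANS:
        return None
    if sha == GATEWAY_MAC:
        answer = LOOKUP.get(tpa)   # gateway asks: answer with the host's own MAC
    else:
        answer = GATEWAY_MAC       # host asks: always answer with the gateway MAC
    if answer is None:
        return None                # unknown destination: nothing to answer with
    return build_arp(2, answer, tpa, sha, spa)

def learn(pkt):
    """Learning unit: record the sender IP -> MAC binding of an ARP reply."""
    oper, sha, spa, _tha, _tpa = parse_arp(pkt)
    if oper == 2:
        LOOKUP[spa] = sha
```

Because every host request on an MFF-enabled VLAN resolves to the gateway MAC, host-to-host frames carry the gateway as their Layer 2 destination, which is what makes the traffic visible at the gateway.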

Abstract

The invention relates to a MAC address forced forwarding device and method in the technical field of telecommunications. The device comprises: a receiving unit that receives an ARP (Address Resolution Protocol) request message; an ARP pickup unit that, according to the source information and destination information contained in the received ARP request message, constructs an ARP reply message using a MAC (Media Access Control) address of a gateway as the destination address, or constructs an ARP reply message using a destination MAC address as the source MAC address by looking up the corresponding destination MAC address; and a sending unit that sends the ARP reply message to a user host or a gateway that sent the ARP request message. The device and method of the present invention make it possible to forward all messages of a specific virtual local area network (VLAN) to the gateway side while effectively achieving Layer 2 isolation between user hosts, to obtain traffic statistics and monitor data to detect IP addresses, and to improve network performance.
PCT/CN2012/084991 2012-11-21 2012-11-21 MAC address forced forwarding device and method WO2014079005A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201280002989.9A CN103404084B (zh) 2012-11-21 2012-11-21 MAC address forced forwarding device and method
PCT/CN2012/084991 WO2014079005A1 (fr) 2012-11-21 2012-11-21 MAC address forced forwarding device and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2012/084991 WO2014079005A1 (fr) 2012-11-21 2012-11-21 MAC address forced forwarding device and method

Publications (1)

Publication Number Publication Date
WO2014079005A1 true WO2014079005A1 (fr) 2014-05-30

Family

ID=49565858

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/084991 WO2014079005A1 (fr) MAC address forced forwarding device and method 2012-11-21 2012-11-21

Country Status (2)

Country Link
CN (1) CN103404084B (fr)
WO (1) WO2014079005A1 (fr)

Also Published As

Publication number Publication date
CN103404084B (zh) 2017-11-17
CN103404084A (zh) 2013-11-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12888655

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12888655

Country of ref document: EP

Kind code of ref document: A1