WO2015188706A1 - Data frame processing method, device and system - Google Patents

Data frame processing method, device and system

Publication number
WO2015188706A1
Authority
WO
WIPO (PCT)
Prior art keywords
port
switching device
data frame
identifier
bound
Application number
PCT/CN2015/080427
Inventor
郑合文
管红光
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a data frame processing method, apparatus, and system.
  • NFV network function virtualization
  • LACP Link Aggregation Control Protocol
  • the sender sends the LACP packet to the receiver through LACP.
  • the LACP packet carries the port information of the sender. After receiving the data frame, the receiving end determines the port status of the transmitting end.
  • the destination media access control (MAC) address of the LACP packet is a specific MAC address (for example, 01-80-C2-00-00-02); any data frame received by the switch with the destination MAC address 01-80-C2-00-00-02 must be handed over to the central processing unit (CPU) of the local switch and must not be forwarded on to the receiving end.
  • the CPU performs local termination of the data frame through a protocol stack running on the CPU.
  • a virtual firewall and a virtual switch run on the same server, and the vSwitch is connected to an Ethernet switch.
  • the virtual firewall sends LACP packets to the vSwitch.
  • the LACP packet carries the port information of the virtual firewall, and the destination MAC address of the LACP packet is a specific MAC address.
  • when the switch chip of the vSwitch receives the LACP packet and determines that the destination MAC address is 01-80-C2-00-00-02, the vSwitch forwards the LACP packet to the CPU of the vSwitch.
  • the CPU terminates the data frame by using the protocol stack running on the CPU.
  • the switch chip of the vSwitch does not forward LACP packets to the Ethernet switch.
  • the scheme for forwarding LACP packets has the following problem: the LACP packet carrying the specific destination MAC address cannot be terminated by the CPU of the vSwitch, and the Ethernet switch cannot learn the port information of the virtual firewall, so the Ethernet switch is unable to determine whether the virtual firewall and the port of the virtual firewall are available.
  • the embodiment of the invention provides a method, a device and a system for processing a data frame, which are used to solve the problem that the Ethernet switch in the prior art cannot determine whether the virtual firewall and the port of the virtual firewall are available.
  • an embodiment of the present invention provides a method for processing a data frame, where the method includes:
  • the first switching device determines whether a second port bound to the first port already exists
  • if the first switching device determines that the second port is bound to the first port, the first switching device acquires an identifier of the first switching device and an identifier of the first port;
  • the first switching device sends a second data frame to the second switching device by using the second port, where the second data frame carries an identifier of the first switching device and an identifier of the first port;
  • the first port is specifically a port through which the first switching device communicates with the network device
  • the second port is specifically a port that the first switching device communicates with the second switching device.
  • the identifier of the first switching device is carried in an IP header or a MAC header of the second data frame; and the identifier of the first port is carried in the tunnel header of the second data frame.
  • the determining, by the first switching device according to the first port, whether a second port bound to the first port already exists includes:
  • the first switching device searches, from the first port matching table, whether the second port bound to the first port has been stored;
  • the first switching device determines that the second port bound to the first port already exists;
  • the first port matching table is generated by the processor of the first switching device according to a preset forwarding policy.
  • before the first switching device acquires the identifier of the first switching device and the identifier of the first port, the method also includes:
  • when the first port matching table stores a plurality of second ports bound to the first port, the first switching device selects, according to a preset port matching rule, one second port from the plurality of second ports as the second port bound to the first port;
  • when the first port matching table stores one second port bound to the first port, the first switching device uses the stored second port as the second port bound to the first port.
  • the identifier of the first switching device is specifically the IP address or MAC address of the first switching device; the identifier of the first port is specifically the port number of the first port in the first switching device.
  • an embodiment of the present invention provides a first switching device, where the first switching device includes:
  • a receiving unit configured to receive, by using the first port of the first switching device, a first data frame sent by the network device
  • a determining unit configured to determine, according to the first port, whether a second port bound to the first port already exists
  • An obtaining unit configured to acquire an identifier of the first switching device and an identifier of the first port if it is determined that the second port that is bound to the first port is already present;
  • a sending unit configured to send, by using the second port, a second data frame to the second switching device, where the second data frame carries an identifier of the first switching device and an identifier of the first port;
  • the first port is specifically a port that the first switching device communicates with the network device
  • the second port is specifically a port that the first switching device communicates with the second switching device.
  • the identifier of the first switching device is carried in an IP header or a MAC header of the second data frame; the identifier of the first port is carried in the tunnel header encapsulating the second data frame.
  • the determining unit is specifically configured to:
  • the first port matching table is generated by the processor of the first switching device according to a preset forwarding policy.
  • the determining unit is further configured to determine the number of second ports bound to the first port
  • when the first port matching table stores a plurality of second ports bound to the first port, select, according to a preset port matching rule, one second port from the plurality of second ports as the second port bound to the first port;
  • when the first port matching table stores one second port bound to the first port, use the stored second port as the second port bound to the first port.
  • the identifier of the first switching device is specifically an IP address or a MAC address of the first switching device.
  • the identifier of the first port is specifically a port number of the first port in the first switching device.
  • an embodiment of the present invention provides a second switching device, where the second switching device includes:
  • a receiving unit configured to receive a second data frame sent by the first switching device, where the first switching device receives the first data frame sent by the network device by using the first port of the first switching device and sends the second data frame by using the second port bound to the first port, and where the second data frame carries the identifier of the first switching device and the identifier of the first port;
  • a processing unit configured to use a combination of the identifier of the first switching device and the identifier of the first port as a virtual port identifier of the network device to access the second switching device;
  • the first port is specifically a port that the first switching device communicates with the network device
  • the second port is specifically a port that the first switching device communicates with the second switching device.
  • the device further includes:
  • a determining unit configured to determine whether the second data frame sent by the network device by using the second port of the first switching device is periodically received
  • a determining unit configured to determine, if the second data frame sent by the network device by using the second port of the first switching device is not periodically received, that the virtual link between the first port and the network device is a faulty virtual link
  • the determining unit is further configured to: if the second data frame sent by the network device by using the second port of the first switching device is periodically received, determine that the virtual link between the first port and the network device is a non-failed virtual link.
  • the device further includes:
  • a sending unit configured to send, to the first switching device, a third data frame, where the third data frame includes the virtual port identifier, and the virtual port identifier includes an identifier of the first port.
  • the identifier of the first switching device carried by the second data frame received by the receiving unit is specifically an IP address or a MAC address of the first switching device.
  • the identifier of the first port carried by the second data frame received by the receiving unit is specifically a port number of the first port in the first switching device.
  • an embodiment of the present invention provides a data frame processing system, where the system includes a first switching device as provided by the second aspect and a second switching device as provided in the third aspect.
  • by using the method, device, and system for processing a data frame provided by the embodiments of the present invention, the first switching device determines the bound second port according to the first port on which the first data frame sent by the network device is received. The first switching device obtains the identifier of the first switching device and the identifier of the first port, carries both identifiers in the second data frame, and sends the second data frame to the second switching device, so that the second switching device receives the second data frame and uses the combination of the identifier of the first switching device and the identifier of the first port as the virtual port identifier of the network device accessing the second switching device.
  • after the first switching device receives the first data frame through the first port, the second port bound to the first port is determined according to the first port, and the destination MAC address carried in the first data frame is no longer identified.
  • the first switching device can process the data frame sent by the network device and transmit the data frame to the second switching device.
  • this solves the prior-art problem that, because the Ethernet switch cannot receive the LACP packet, it cannot learn the port information of the virtual firewall and therefore cannot determine whether the virtual firewall and the port of the virtual firewall are available.
  • the second switching device can receive the data frame, and determine the availability of the network device and the port of the network device according to the received data frame.
  • the technical solution of the embodiment of the present invention can also implement the interaction communication between the network device and the second switching device.
  • FIG. 1 is a flowchart of a method for processing a data frame according to Embodiment 1 of the present invention
  • FIG. 2A is a schematic diagram of a VXLAN header carrying a second identifier according to an embodiment of the present invention
  • FIG. 2B is a schematic diagram of an NVGRE (Network Virtualization using Generic Routing Encapsulation) header carrying a second identifier according to an embodiment of the present invention
  • FIG. 2C is a schematic diagram of an L2TP-VP header carrying a second identifier according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a method for processing a data frame according to an embodiment of the present disclosure
  • FIG. 4 is a flowchart of a method for processing a data frame according to Embodiment 2 of the present invention.
  • FIG. 5 is a schematic structural diagram of a first switching device according to Embodiment 3 of the present invention.
  • FIG. 6 is a schematic structural diagram of a second switching device according to Embodiment 4 of the present invention.
  • FIG. 7 is a schematic structural diagram of hardware of a first switching device according to Embodiment 5 of the present invention.
  • FIG. 8 is a schematic structural diagram of hardware of a second switching device according to Embodiment 6 of the present invention.
  • FIG. 9 is a flowchart of a data frame processing system according to Embodiment 7 of the present invention.
  • FIG. 1 is a flowchart of a method for processing a data frame according to Embodiment 1 of the present invention.
  • the implementation body of the method step is a first switching device, and the first switching device may be specifically a forwarding chip.
  • the embodiment specifically includes the following steps:
  • Step 110 The first switching device receives the first data frame sent by the network device by using the first port of the first switching device.
  • the first switching device receives the first data frame sent by the network device by using the first port, where the network device is directly connected to the first switching device.
  • the first port is specifically a port that the first switching device communicates with the network device.
  • the first data frame may be an LACP message or a standard Ethernet protocol (Ethernet II) frame or a virtual eXtensible Local Area Network (VXLAN) frame or use.
  • Ethernet II Ethernet protocol
  • VXLAN virtual eXtensible Local Area Network
  • NVGRE Network Virtualization using Generic Routing Encapsulation
  • L2TP Layer 2 Tunneling Protocol
  • IP Internet Protocol
  • MAC header is carried in the first data frame, and a source IP address and a destination IP address are stored in the IP header; and the MAC header is stored in the MAC header.
  • the first switching device and the network device may both be virtual network devices or physical network devices.
  • the virtual network device may be a virtual switch (vSwitch), a virtual firewall, a virtual load balancer, or a virtual gateway, and the physical network device may be a switch or a server.
  • the following takes as an example the case where the first switching device is a vSwitch, the virtual network device is a virtual firewall, and the first data frame is an LACP packet.
  • the vSwitch receives the first LACP packet sent by the virtual firewall through the first port of the vSwitch.
  • the virtual firewall is directly connected to the vSwitch, and the virtual firewall runs in the same server as the vSwitch.
  • the destination MAC address of the LACP packet is a specific destination MAC address.
  • the specific destination MAC address is 01-80-C2-00-00-02.
  • the LACP packet carries the port information of the virtual firewall.
  • Step 120 According to the first port, the first switching device determines whether a second port bound to the first port already exists.
  • the first switching device searches, from the first port matching table, whether the second port bound to the first port is stored; if the first port matching table stores a second port bound to the first port, the first switching device determines that the second port bound to the first port already exists.
  • the second port is specifically a port on the first switching device that communicates with the second switching device.
  • a second port bound to the first port is stored in the first port matching table.
  • the second port may be a logical port, for example, a port corresponding to a tunnel, or a real physical port.
  • the second switching device is specifically an Ethernet switch.
  • the vSwitch searches, according to the first port, whether a second port bound to the first port is stored in the first port matching table; if the first port matching table stores a second port bound to the first port, the vSwitch determines that the second port bound to the first port already exists.
  • the administrator presets the forwarding policy, that is, the administrator pre-sets that all or part of the frames received from a certain first port and having specific features are designated to be sent to the specific second port for forwarding.
  • the processor of the first switching device bundles the first port with the specific second port according to the setting of the administrator to generate a first port matching table.
  • a specific feature refers to frames sharing the same single field (e.g., source IP address or destination IP address) or the same five-tuple (e.g., source IP address, destination IP address, protocol number, source TCP/UDP port, destination TCP/UDP port).
  • the first port 120 receives a plurality of data frames, and the first port 120 forwards the data frames having the same source IP address through the second port 140 bound to the first port 120.
  • the first switching device may determine whether a second port bound to the first port exists by looking up a first port matching table generated by the CPU.
  • the method further includes a step in which the first switching device learns, on the first port, the source MAC address of the first data frame received from the first port.
  • after the first switching device receives the first data frame, the first switching device establishes a mapping table that stores the mapping relationship between the source MAC address of the first data frame and the first port.
  • Step 130 If the first switching device determines that the second port is bound to the first port, the first switching device acquires the identifier of the first switching device and the identifier of the first port.
  • the first switching device acquires an identifier of the first switching device and an identifier of the first port.
  • the identifier of the first switching device specifically refers to an identifier that uniquely identifies the first switching device.
  • the identifier of the first port specifically refers to an identifier that can directly or indirectly reflect the port information of the received data frame.
  • the identifier of the first switching device is specifically the IP address of the first switching device or the MAC address of the first switching device.
  • the identifier of the first port is specifically the port number of the first port in the first switching device.
  • the vSwitch obtains the IP address of the vSwitch (for example, 60.60.60.10), and uses the IP address as the identifier of the vSwitch.
  • the vSwitch obtains the port number of the first port (for example, 120) and uses it as the identifier of the first port.
  • Step 140 The first switching device sends a second data frame to the second switching device by using the second port, where the second data frame carries an identifier of the first switching device and an identifier of the first port.
  • after acquiring the identifier of the first switching device and the identifier of the first port, the first switching device generates a second data frame, where the second data frame carries the identifier of the first switching device and the identifier of the first port.
  • the first switching device sends the second data frame to the second switching device by using the second port bound to the first port that was determined in step 120, such that the second switching device obtains the identifier of the first switching device and the identifier of the first port from the second data frame, and uses the combination of the identifier of the first switching device and the identifier of the first port as the virtual port identifier of the network device accessing the second switching device.
  • the Ethernet switch can also obtain the port information of the virtual firewall from the second LACP packet, thereby determining the availability of the virtual firewall and the port of the virtual firewall.
  • the virtual port identifier is used as follows: when the first switching device receives a data frame sent by the second switching device, the first switching device forwards the data frame to the network device according to the virtual port identifier carried in the data frame, thereby implementing interactive communication between the network device and the second switching device.
  • the first switching device carries the identifier of the first switching device in the IP header of the second data frame, or the first switching device carries the identifier of the first switching device in the MAC header of the second data frame.
  • the first switching device carries the identifier of the first port in a tunnel header for encapsulating the second data frame.
  • taking as an example the first switching device carrying the identifier of the first port in the tunnel header of the second data frame: as shown in Figure 2-A, the VXLAN header carries the identifier of the first port; as shown in Figure 2-B, the NVGRE header carries the identifier of the first port; as shown in Figure 2-C, the L2TP-VP header carries the identifier of the first port.
  • the second data frame may be specifically an LACP message or Ethernet II frame or VXLAN frame or NVGRE frame or L2TP-VP frame.
  • the first data frame received by the vSwitch is the first LACP packet
  • the second data frame generated by the vSwitch is the second LACP packet
  • after obtaining the IP address of the vSwitch and the port number of the first port, the vSwitch generates a second LACP packet, where the second LACP packet carries the IP address of the first switching device and the port number of the first port.
  • the vSwitch sends the second LACP packet to the Ethernet switch through the second port, so that the Ethernet switch obtains the IP address of the vSwitch and the port number of the first port from the second LACP packet, and uses the combination of the IP address of the vSwitch and the port number of the first port as the virtual port identifier of the virtual firewall accessing the Ethernet switch.
  • the Ethernet switch can also obtain the port information of the virtual firewall from the second LACP packet, and then determine the availability of the virtual firewall and the port of the virtual firewall.
  • when the vSwitch receives a data frame sent by the Ethernet switch, the vSwitch forwards the data frame to the virtual firewall according to the virtual port identifier carried in the data frame, thereby implementing interactive communication between the virtual firewall and the Ethernet switch.
  • FIG. 3 is a schematic diagram of a method for processing a data frame according to an embodiment of the present invention.
  • the network device is a virtual firewall
  • the first switching device is a vSwitch
  • the second switching device is an Ethernet switch.
  • the virtual firewall runs on the same server as the vSwitch.
  • the vSwitch receives the first LACP packet sent by the virtual firewall through the first port. Based on the first port, the vSwitch determines whether a second port bound to the first port already exists. If the second port is bound to the first port, the vSwitch does not identify the destination MAC address carried in the first LACP packet, but obtains the IP address of the vSwitch (for example, 60.60.60.10) and the port number of the first port in the vSwitch (for example, 120). After the vSwitch obtains the IP address of the vSwitch and the port number of the first port, the vSwitch generates a second LACP packet, and the second LACP packet carries the IP address of the vSwitch and the port number of the first port.
  • the vSwitch sends the second LACP packet to the Ethernet switch through the second port, so that the Ethernet switch obtains the IP address of the vSwitch and the port number of the first port from the second LACP packet, and uses the combination of the IP address of the vSwitch and the port number of the first port as the virtual port identifier of the virtual firewall accessing the Ethernet switch.
  • the Ethernet switch can also obtain the port information of the virtual firewall from the second LACP packet, thereby determining the availability of the virtual firewall and the port of the virtual firewall, and interacting with the network device.
  • the first switching device determines the bound second port according to the first port on which the first data frame sent by the network device is received. The first switching device acquires the identifier of the first switching device and the identifier of the first port, carries both identifiers in the second data frame, and sends the second data frame to the second switching device, so that the second switching device receives the second data frame and uses the combination of the identifier of the first switching device and the identifier of the first port as the virtual port identifier of the network device accessing the second switching device.
  • after the first switching device receives the first data frame through the first port, the second port bound to the first port is determined according to the first port, and the destination MAC address carried in the first data frame is no longer identified.
  • the first switching device can process the data frame sent by the network device and transmit the data frame to the second switching device.
  • the method for processing a data frame provided by the embodiment of the present invention solves the prior-art problem that, because the Ethernet switch cannot receive the LACP packet, the Ethernet switch cannot learn the port information carried in the LACP packet and so cannot determine whether the virtual firewall and the port of the virtual firewall are available.
  • the second switching device receives the data frame and determines the availability of the network device and the port of the network device according to the received data frame, and interactive communication between the network device and the second switching device can also be implemented.
  • the method further includes: determining, by the first switching device, the number of second ports bound to the first port, so that the first switching device sends the second data frame through the one determined second port.
  • when the first port matching table stores a plurality of second ports bound to the first port, the first switching device selects, according to a preset port matching rule, one second port from the plurality of second ports as the second port bound to the first port;
  • when the first port matching table stores one second port bound to the first port, the first switching device uses the stored second port as the second port bound to the first port.
  • the port matching rule may be specifically a load balancing rule, an active/standby protection rule, or the like. For example, when multiple second ports are bound to the first port, the second switching device can determine, according to the load balancing rule, the load traffic of the data frames currently forwarded by each second port. If the load traffic of some second ports is too large, the first switching device can select a second port with smaller load traffic as the second port that matches the first port.
  • the second port selected by the first switching device is used to send the second data frame in step 140.
  • the method further includes: when no second port bound to the first port is stored in the first port matching table, the first switching device performs corresponding processing on the first data frame according to the destination MAC address of the first data frame.
  • the first switching device determines whether the destination MAC address is a specific MAC address
  • if the destination MAC address is a specific MAC address, the first switching device forwards the first data frame to a processor of the first switching device, and the processor performs local termination processing on the first data frame;
  • if the destination MAC address is not a specific MAC address, the first switching device searches, according to the destination MAC address, whether a second port matching the destination MAC address is stored in the second port matching table; if the second port matching the destination MAC address is stored, the first switching device sends the first data frame to the second switching device by using the second port; or
  • if no second port matching the destination MAC address is stored, the first switching device copies the first data frame according to the number of second ports, so that the number of copies of the first data frame is the same as the number of second ports, and sends each copy to the second switching device by using a corresponding one of the second ports.
  • the first switching device determines whether the destination MAC address is a specific MAC address (for example, 01-80-C2-00-00-02). If the destination MAC address is a specific MAC address, the first switching device forwards the first data frame to the processor of the first switching device, and the processor performs local termination processing on the first data frame by using a protocol stack running on the processor.
  • if the destination MAC address is not a specific MAC address, the first switching device searches, according to the destination MAC address, whether a second port matching the destination MAC address is stored in the second port matching table. If a second port matching the destination MAC address is stored, the first switching device sends the encapsulated first data frame to the second switching device by using the determined second port. If the destination MAC address is not a specific MAC address and the second port matching table does not store a second port that matches the destination MAC address, the first switching device copies the first data frame according to the number of second ports, so that the number of copies of the first data frame is the same as the number of second ports, and sends each copy to the second switching device through a corresponding one of the second ports.
  • the second port matching table stores a second port that matches the destination MAC address.
  • FIG. 4 is a flowchart of a method for processing a data frame according to Embodiment 2 of the present invention.
  • A first switching device receives a first data frame sent by a network device by using a first port of the first switching device, and sends the second data frame by using the second port bound to the first port.
  • The method of this embodiment is performed by the second switching device. As shown in FIG. 4, the embodiment specifically includes the following steps:
  • Step 410: The second switching device receives the second data frame sent by the first switching device, where the first switching device receives the first data frame sent by the network device by using the first port of the first switching device and sends the second data frame to the second switching device by using the second port bound to the first port; the second data frame carries an identifier of the first switching device and an identifier of the first port.
  • the first switching device determines whether a second port bound to the first port already exists. If the second port bound to the first port already exists, the first switching device acquires the identifier of the first switching device and the identifier of the first port.
  • the identifier of the first switching device specifically refers to the identifier that uniquely identifies the first switching device.
  • the identifier of the first port refers specifically to the identifier that can directly or indirectly reflect the port information of the received data frame.
  • the identifier of the first switching device is specifically an IP address or a MAC address of the first switching device, and the identifier of the first port is specifically a port number of the first port in the first switching device.
  • The following takes as an example the case where the first switching device is the vSwitch, the virtual network device is the virtual firewall, the second switching device is the Ethernet switch, and the first data frame and the second data frame are LACP packets.
  • After the vSwitch receives the first LACP packet sent by the virtual firewall through the first port, the vSwitch determines whether the second port bound to the first port exists. If the second port bound to the first port already exists, the vSwitch obtains the IP address of the vSwitch and the port number of the first port. The vSwitch sends the second LACP packet to the Ethernet switch through the second port. The second LACP packet carries the IP address of the vSwitch and the port number of the first port.
  • The destination MAC address of the LACP packet is a specific destination MAC address (for example, 01-80-C2-00-00-02), and the LACP packet carries the port information of the virtual firewall.
  • Step 220: The second switching device uses a combination of the identifier of the first switching device and the identifier of the first port as a virtual port identifier of the network device accessing the second switching device.
  • After receiving the second data frame, the second switching device acquires the identifier of the first switching device and the identifier of the first port from the second data frame, and uses the combination of the identifier of the first switching device and the identifier of the first port as the virtual port identifier of the network device accessing the second switching device.
  • The virtual port identifier is used as follows: when the second switching device sends a data frame to the first switching device, the first switching device forwards the data frame to the network device according to the virtual port identifier carried in the data frame, thereby implementing interactive communication between the network device and the second switching device.
  • After receiving the second LACP packet, the Ethernet switch obtains the IP address of the vSwitch and the port number of the first port from the second LACP packet, and uses the combination of the IP address of the vSwitch and the port number of the first port as the virtual port identifier of the virtual firewall accessing the Ethernet switch.
  • the Ethernet switch can also obtain the port information of the virtual firewall from the second LACP packet, thereby determining the availability of the virtual firewall and the port of the virtual firewall.
  • the vSwitch forwards the data frame to the virtual firewall according to the virtual port identifier carried in the data frame, thereby implementing interactive communication between the virtual firewall and the Ethernet switch.
  • After the first switching device receives the first data frame through the first port, it determines the second port bound to the first port according to the first port and no longer identifies the destination MAC address carried in the first data frame.
  • The first switching device can process the data frame sent by the network device and transmit the data frame to the second switching device. The second switching device receives the second data frame, uses the combination of the identifier of the first switching device and the identifier of the first port carried by the second data frame as the virtual port identifier of the network device accessing the second switching device, determines the availability of the network device and the port of the network device according to the received second data frame, and performs interactive communication with the network device.
  • This addresses the problem that the Ethernet switch cannot obtain the port information of the virtual firewall in the LACP packet because the Ethernet switch cannot receive the LACP packet, so that the Ethernet switch cannot determine whether the virtual firewall and the port of the virtual firewall are available.
  • The method further includes a step in which the second switching device determines whether it periodically receives the second data frame sent by the network device by using the second port of the first switching device. Through this step, the second switching device can monitor the virtual link between the network device and the first switching device.
  • If the second data frame is not periodically received, the second switching device determines that the virtual link between the first port and the network device is a faulty virtual link.
  • If the second data frame is periodically received, the second switching device determines that the virtual link between the first port and the network device is a non-failed virtual link.
  • If the second switching device determines that the virtual link between the first port of the first switching device and the network device is a faulty virtual link, the second switching device deletes the virtual port identifier of the network device from its own port list and subsequently does not send data frames to the network device.
  • If the second switching device determines that the virtual link between the first port of the first switching device and the network device is a non-failed virtual link, it continues to send subsequent data frames to the network device.
  • The method further includes a step in which the second switching device sends a third data frame to the first switching device. Through this step, the first switching device can forward the data frame sent by the second switching device to the corresponding network device.
  • Specific steps are as follows:
  • the second switching device sends a third data frame to the first switching device, where the third data frame includes the virtual port identifier, and the virtual port identifier includes an identifier of the first port, so that the first switching device determines the first port according to the identifier of the first port, strips the virtual port identifier from the third data frame to obtain a fourth data frame, and sends the fourth data frame to the network device through the determined first port.
  • the third embodiment of the present invention further provides a first switching device, which is used to implement the processing method of the data frame provided in the foregoing first embodiment.
  • the device includes: a receiving unit 510, a determining unit 520, an obtaining unit 530, and a sending unit 540.
  • the receiving unit 510 of the first switching device is configured to receive, by using the first port of the first switching device, a first data frame sent by the network device;
  • the determining unit 520 is configured to determine, according to the first port, whether a second port bound to the first port already exists;
  • the obtaining unit 530 is configured to acquire an identifier of the first switching device and an identifier of the first port if it is determined that the second port that is bound to the first port exists
  • the sending unit 540 is configured to send, by using the second port, a second data frame to the second switching device, where the second data frame carries an identifier of the first switching device and an identifier of the first port;
  • the first port is specifically a port that the first switching device communicates with the network device
  • the second port is specifically a port that the first switching device communicates with the second switching device.
  • the identifier of the first switching device is carried in an IP header or a MAC header of the second data frame; the identifier of the first port is carried in a tunnel header for encapsulating the second data frame.
  • the determining unit 520 is specifically configured to: according to the first port, look up, from the first port matching table, whether the second port bound to the first port has been stored;
  • the first port matching table is generated by the processor of the first switching device according to a preset forwarding policy.
  • the determining unit 520 is further configured to determine the number of second ports bound to the first port;
  • if the first port matching table stores a plurality of second ports bound to the first port, select one second port from the plurality of second ports according to a preset port matching rule as the second port bound to the first port;
  • if the first port matching table stores one second port bound to the first port, use the stored second port as the second port bound to the first port.
  • the identifier of the first switching device is specifically an IP address or a MAC address of the device;
  • the identifier of the first port is specifically a port number of the first port in the first switching device.
  • The first switching device determines the bound second port according to the first port on which it receives the first data frame sent by the network device. The first switching device obtains the identifier of the first switching device and the identifier of the first port, carries both identifiers in the second data frame, and sends the second data frame to the second switching device, so that the second switching device receives the second data frame and uses the combination of the identifier of the first switching device and the first port identifier as the virtual port identifier of the network device accessing the second switching device.
  • After the first switching device receives the first data frame through the first port, it determines the second port bound to the first port according to the first port and no longer identifies the destination MAC address carried in the first data frame.
  • The first switching device can process the data frame sent by the network device and transmit the data frame to the second switching device.
  • This addresses the problem that the Ethernet switch cannot obtain the port information of the virtual firewall in the LACP packet because the Ethernet switch cannot receive the LACP packet, so that the Ethernet switch cannot determine whether the virtual firewall and the port of the virtual firewall are available.
  • The second switching device receives the data frame, determines the availability of the network device and the port of the network device according to the received data frame, and can also implement interactive communication between the network device and the second switching device.
  • the fourth embodiment of the present invention further provides a second switching device, which is used to implement the processing method of the data frame provided in the foregoing Embodiment 2.
  • the second switching device includes: a receiving unit 610 and a processing unit 620.
  • the receiving unit 610 of the second switching device is configured to receive a second data frame sent by the first switching device, where the first switching device receives the first data frame sent by the network device by using the first port of the first switching device and sends the second data frame by using a second port that is bound to the first port, and the second data frame carries an identifier of the first switching device and an identifier of the first port;
  • the processing unit 620 is configured to use a combination of the identifier of the first switching device and the identifier of the first port as a virtual port identifier of the network device to access the second switching device;
  • the first port is specifically a port that the first switching device communicates with the network device
  • the second port is specifically a port that the first switching device communicates with the second switching device.
  • the device further includes: a determining unit 630, configured to determine whether the second data frame sent by the network device by using the second port of the first switching device is periodically received;
  • a determining unit 640, configured to determine that the virtual link between the first port and the network device is a faulty virtual link if the second data frame sent by the network device by using the second port of the first switching device is not periodically received;
  • the determining unit 640 is further configured to: if the second data frame sent by the network device by using the second port of the first switching device is periodically received, determining the first port and the The virtual link between the network devices is a non-failed virtual link.
  • the device further includes: a sending unit 650, configured to send a third data frame to the first switching device, where the third data frame includes the virtual port identifier, and the virtual port identifier includes the identifier of the first port.
  • the identifier of the first switching device carried by the second data frame received by the receiving unit 610 is specifically an IP address or a MAC address of the first switching device;
  • the identifier of the first port carried by the second data frame received by the receiving unit 610 is specifically a port number of the first port in the first switching device.
  • After the first switching device receives the first data frame through the first port, it determines the second port bound to the first port according to the first port and no longer identifies the destination MAC address carried in the first data frame.
  • The first switching device can process the data frame sent by the network device and transmit the data frame to the second switching device. The second switching device receives the second data frame, uses the combination of the identifier of the first switching device and the first port identifier carried by the second data frame as the virtual port identifier of the network device accessing the second switching device, determines the availability of the network device and the port of the network device according to the received second data frame, and performs interactive communication with the network device.
  • This addresses the problem that the Ethernet switch cannot obtain the port information of the virtual firewall in the LACP packet because the Ethernet switch cannot receive the LACP packet, so that the Ethernet switch cannot determine whether the virtual firewall and the port of the virtual firewall are available.
  • The first switching device provided by the third embodiment of the present invention may be implemented as follows to implement the processing method of the data frame in the first embodiment of the present invention. As shown in FIG. 7, the first switching device includes: port 710, processor 720, and memory 730. System bus 740 is used to connect port 710, processor 720, and memory 730.
  • the port 710 is configured to perform interaction communication with the network device and the second switching device.
  • Memory 730 can be a persistent storage, such as a hard drive and flash memory, and memory 730 is used to store applications that include instructions for enabling processor 720 to access and execute the following instructions:
  • the first port is specifically a port that the first switching device communicates with the network device
  • the second port is specifically a port that the first switching device communicates with the second switching device.
  • the identifier of the first switching device is carried in an IP header or a MAC header of the second data frame; the identifier of the first port is carried in a tunnel header for encapsulating the second data frame.
  • the application stored by the memory 730 further includes instructions operable to cause the processor 720 to perform the following process of determining, according to the first port, whether a second port bound to the first port already exists:
  • the first port matching table is generated by the processor of the first switching device according to a preset forwarding policy.
  • the application stored by the memory 730 further includes instructions that can be used to cause the processor 720 to perform the following process:
  • if the first port matching table stores a plurality of second ports bound to the first port, selecting one second port from the plurality of second ports according to a preset port matching rule as the second port bound to the first port;
  • if the first port matching table stores one second port bound to the first port, using the stored second port as the second port bound to the first port.
  • the identifier of the first switching device is specifically an IP address or a MAC address of the first switching device;
  • the identifier of the first port is specifically a port number of the first port in the first switching device.
  • The first switching device determines the bound second port according to the first port on which it receives the first data frame sent by the network device. The first switching device obtains the identifier of the first switching device and the identifier of the first port, carries both identifiers in the second data frame, and sends the second data frame to the second switching device, so that the second switching device receives the second data frame and uses the combination of the identifier of the first switching device and the first port identifier as the virtual port identifier of the network device accessing the second switching device.
  • After the first switching device receives the first data frame through the first port, it determines the second port bound to the first port according to the first port and no longer identifies the destination MAC address carried in the first data frame.
  • The first switching device can process the data frame sent by the network device and transmit the data frame to the second switching device.
  • This addresses the problem that the Ethernet switch cannot obtain the port information of the virtual firewall in the LACP packet because the Ethernet switch cannot receive the LACP packet, so that the Ethernet switch cannot determine whether the virtual firewall and the port of the virtual firewall are available.
  • The second switching device receives the data frame, determines the availability of the network device and the network device port according to the received data frame, and can also implement interactive communication between the network device and the second switching device.
  • The second switching device provided by the fourth embodiment of the present invention may be implemented as follows to implement the data frame processing method in the foregoing second embodiment of the present invention. The second switching device includes: port 810, processor 820, and memory 830.
  • System bus 840 is used to connect port 810, processor 820, and memory 830.
  • Port 810 is for interactive communication with the first switching device.
  • Memory 830 can be a persistent storage, such as a hard drive and flash memory, and memory 830 is used to store applications, which include instructions that can be used to cause processor 820 to access and execute the following instructions:
  • the first switching device receives the first data frame sent by the network device by using the first port of the first switching device, and sends the second data frame by using the second port bound to the first port, where the second data frame carries an identifier of the first switching device and an identifier of the first port;
  • the first port is specifically a port through which the first switching device communicates with the network device;
  • the second port is specifically a port that the first switching device communicates with the second switching device.
  • the application stored by the memory 830 further includes instructions that can be used to cause the processor 820 to perform the following process:
  • the application stored by the memory 830 further includes instructions that can be used to cause the processor 820 to perform the following process:
  • The identifier of the first switching device that is carried by the second data frame is specifically an IP address or a MAC address of the first switching device, and the identifier of the first port that is carried by the second data frame is specifically the port number of the first port in the first switching device.
  • After the first switching device receives the first data frame through the first port, it determines the second port bound to the first port according to the first port and no longer identifies the destination MAC address carried in the first data frame.
  • The first switching device can process the data frame sent by the network device and transmit the data frame to the second switching device. The second switching device receives the second data frame, uses the combination of the identifier of the first switching device and the first port identifier carried by the second data frame as the virtual port identifier of the network device accessing the second switching device, determines the availability of the network device and the port of the network device according to the received second data frame, and interacts with the network device.
  • This addresses the problem that the Ethernet switch cannot obtain the port information of the virtual firewall in the LACP packet because the Ethernet switch cannot receive the LACP packet, so that the Ethernet switch cannot determine whether the virtual firewall and the port of the virtual firewall are available.
  • The seventh embodiment of the present invention further provides a data frame processing system. As shown in FIG. 9, the system includes the first switching device provided by the third embodiment of the present invention and the second switching device provided by the fourth embodiment of the present invention.
  • the system includes: the first switching device provided in Embodiment 5 of the present invention and the second switching device provided in Embodiment 6 of the present invention.
  • the system further includes: a network device.
  • the network device is a virtual firewall
  • the first switching device is a vSwitch
  • the second switching device is an Ethernet switch.
  • the virtual firewall is directly connected to the vSwitch, and the virtual firewall runs on the same server as the vSwitch.
  • When the first data frame is an LACP packet, the vSwitch, after receiving the first LACP packet sent by the virtual firewall, does not identify the destination MAC address carried by the first LACP packet, and determines, according to the first port, the second port bound to the first port. After processing the first LACP packet, the vSwitch sends a second LACP packet to the Ethernet switch, so that the Ethernet switch receives the second LACP packet, determines according to the second LACP packet whether the virtual firewall and the port of the virtual firewall are available, and interacts with the network device.
  • By using the data frame processing system provided by the embodiment of the present invention, the first switching device determines the bound second port according to the first port on which it receives the first data frame sent by the network device. The first switching device acquires the identifier of the first switching device and the identifier of the first port, carries both identifiers in the second data frame, and sends the second data frame to the second switching device, so that the second switching device receives the second data frame and uses the combination of the identifier of the first switching device and the first port identifier as the virtual port identifier of the network device accessing the second switching device.
  • After the first switching device receives the first data frame through the first port, it determines the second port bound to the first port according to the first port and no longer identifies the destination MAC address carried in the first data frame.
  • The first switching device can process the data frame sent by the network device and transmit the data frame to the second switching device.
  • This addresses the problem that the Ethernet switch cannot obtain the port information of the virtual firewall in the LACP packet because the Ethernet switch cannot receive the LACP packet, so that the Ethernet switch cannot determine whether the virtual firewall and the port of the virtual firewall are available.
  • The second switching device receives the data frame, determines the availability of the network device and the port of the network device according to the received data frame, and can also implement interactive communication between the network device and the second switching device.
  • the steps of a method or algorithm described in connection with the embodiments disclosed herein can be implemented in hardware, a software module executed by a processor, or a combination of both.
  • the software module can be placed in random access memory (RAM), memory, read only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other form of storage medium known in the technical field.
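The relay described in the embodiments above, run end to end as an added Python simulation (not code from the patent): a bound first port forwards a frame addressed to 01-80-C2-00-00-02 upstream instead of terminating it, and the second switching device tracks the resulting virtual port identifier until frames stop arriving. The class and field names, the 3-second timeout, the documentation-range addresses and the egress sanity check are assumptions made for the example.

```python
"""Added illustration of the relay in the embodiments; names and values are constructed."""
from dataclasses import dataclass, field

SPECIFIC_MAC = "01-80-C2-00-00-02"  # the "specific MAC address" quoted in the text


@dataclass
class FirstSwitch:
    """First switching device (the vSwitch in the page's example)."""
    switch_id: str                                  # IP or MAC address of this device
    uplinks: list                                   # every second port
    bindings: dict = field(default_factory=dict)    # first port -> bound second ports
    mac_table: dict = field(default_factory=dict)   # destination MAC -> second port
    load: dict = field(default_factory=dict)        # second port -> current load

    def ingress(self, first_port, frame):
        """Decide what happens to a first data frame; returns (action, port, frame) tuples."""
        bound = self.bindings.get(first_port)
        if bound:
            # A binding exists, so the destination MAC is not examined at all.
            # With several bound ports, pick the one carrying the least load.
            port = min(bound, key=lambda p: self.load.get(p, 0))
            second = {"outer_src": self.switch_id,   # switch identifier, outer header
                      "tunnel_port": first_port,     # first-port identifier, tunnel header
                      "inner": frame}
            return [("uplink", port, second)]
        if frame["dst"] == SPECIFIC_MAC:
            return [("cpu", None, frame)]            # local termination by the processor
        if frame["dst"] in self.mac_table:
            return [("uplink", self.mac_table[frame["dst"]], frame)]
        return [("uplink", p, dict(frame)) for p in self.uplinks]  # one copy per second port

    def egress(self, third):
        """Strip the virtual port identifier; return (first port, fourth data frame)."""
        # Sanity check added for the example (assumption, not from the text).
        if third["outer_dst"] != self.switch_id or third["tunnel_port"] not in self.bindings:
            return None
        return third["tunnel_port"], third["inner"]


@dataclass
class SecondSwitch:
    """Second switching device (the Ethernet switch in the page's example)."""
    timeout: float                                     # assumed limit between frames, seconds
    virtual_ports: dict = field(default_factory=dict)  # (switch id, port id) -> last seen

    def receive(self, second, now):
        """Register the sender's virtual port identifier from a second data frame."""
        vport = (second["outer_src"], second["tunnel_port"])
        self.virtual_ports[vport] = now
        return vport

    def expire(self, now):
        """Delete virtual ports whose second data frames stopped arriving periodically."""
        dead = [v for v, seen in self.virtual_ports.items() if now - seen > self.timeout]
        for vport in dead:
            del self.virtual_ports[vport]
        return dead

    def send(self, vport, payload):
        """Build a third data frame, or None if the virtual link was declared faulty."""
        if vport not in self.virtual_ports:
            return None
        return {"outer_dst": vport[0], "tunnel_port": vport[1], "inner": payload}


def demo():
    """Run the virtual firewall -> vSwitch -> Ethernet switch exchange on constructed data."""
    vswitch = FirstSwitch("192.0.2.10", uplinks=["up1", "up2"],
                          bindings={"vfw0": ["up1", "up2"]},
                          mac_table={"00-00-5E-00-53-01": "up2"},
                          load={"up1": 70, "up2": 20})
    eth = SecondSwitch(timeout=3.0)
    lacp = {"dst": SPECIFIC_MAC, "src": "00-00-5E-00-53-AA", "payload": "port-state"}

    action, port, second = vswitch.ingress("vfw0", lacp)[0]   # bound port: relayed upstream
    vport = eth.receive(second, now=0.0)
    reply = vswitch.egress(eth.send(vport, "reply"))          # third -> fourth data frame
    unbound = vswitch.ingress("vm1", lacp)[0][0]              # no binding: terminated locally
    flooded = [p for _, p, _ in vswitch.ingress("vm1", {"dst": "00-00-5E-00-53-02"})]
    alive = eth.expire(now=2.0)                               # still within the interval
    dead = eth.expire(now=10.0)                               # frames stopped arriving
    return {"relay": (action, port), "vport": vport, "reply": reply, "unbound": unbound,
            "flooded": flooded, "alive": alive, "dead": dead, "after": eth.send(vport, "x")}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```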

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

In one embodiment, the present invention relates to a data frame processing method, device and system, the method comprising the following steps: a first switching device receives, through a first port of the first switching device, a first data frame sent by a network device; the first switching device determines, according to the first port, whether a second port bound to the first port exists; if so, the first switching device acquires identifiers of the first switching device and of the first port and sends a second data frame to a second switching device through the second port, the second data frame carrying the identifiers of the first switching device and of the first port.
PCT/CN2015/080427 2014-06-13 2015-05-30 Data frame processing method, device and system WO2015188706A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410265153.9 2014-06-13
CN201410265153.9A CN105227420B (zh) 2014-06-13 2014-06-13 Data frame processing method, apparatus and system

Publications (1)

Publication Number Publication Date
WO2015188706A1 true WO2015188706A1 (fr) 2015-12-17

Family

ID=54832893

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/080427 WO2015188706A1 (fr) 2014-06-13 2015-05-30 Data frame processing method, device and system

Country Status (2)

Country Link
CN (1) CN105227420B (fr)
WO (1) WO2015188706A1 (fr)

Also Published As

Publication number Publication date
CN105227420A (zh) 2016-01-06
CN105227420B (zh) 2018-10-19

Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application
Ref document number: 15807091; Country of ref document: EP; Kind code of ref document: A1

NENP Non-entry into the national phase
Ref country code: DE

122 Ep: PCT application non-entry in European phase
Ref document number: 15807091; Country of ref document: EP; Kind code of ref document: A1