WO2016015497A1 - Method, device and system for forwarding packet - Google Patents

Method, device and system for forwarding packet Download PDF

Info

Publication number
WO2016015497A1
WO2016015497A1 PCT/CN2015/077468 CN2015077468W WO2016015497A1 WO 2016015497 A1 WO2016015497 A1 WO 2016015497A1 CN 2015077468 W CN2015077468 W CN 2015077468W WO 2016015497 A1 WO2016015497 A1 WO 2016015497A1
Authority
WO
WIPO (PCT)
Prior art keywords
port
packet
ethernet link
isolation group
multicast
Prior art date
Application number
PCT/CN2015/077468
Other languages
French (fr)
Chinese (zh)
Inventor
张军林
周道龙
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2016015497A1 publication Critical patent/WO2016015497A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a packet forwarding method, device, and system.
  • the virtual private network connects the customer sites in different regions through the Multi-Protocol Label Switching (MPLS) bearer network, so that these sites can be like the same local area network (Local Area Network, LAN) works like that.
  • Ethernet Virtual Private Network is an Ethernet VPN technology based on Border Gateway Protocol (BGP) and MPLS. Compared with traditional Ethernet VPN, EVPN has a great advantage in that it can achieve All.
  • -Active mode that is, the user edge device (CE) is connected to multiple provider edge devices (PEs). The multiple PEs can be called multi-homed PEs, and between CEs and multi-homed PEs.
  • a multi-Chassis Link Aggregation Group (MC_LAG) is deployed to bundle the link between the CE and multiple PEs into one Ethernet trunk and a given virtual local area network from the CE to the PE.
  • the traffic of the network can be forwarded by any one of the multiple PEs.
  • the selection of the PE depends on the load sharing algorithm selected by the CE when sending data packets from the Ethernet trunk link.
  • the broadcast, unicast, and multicast (BUM) traffic sent from the local device to the PE device is easy to form a triangular loop on the user side, resulting in traffic return. .
  • the EVPN protocol defines a horizontal splitting mechanism, that is, the multi-homing PE from the local end station.
  • the packet carries the packet source identifier in the data packet encapsulation, that is, the Ethernet Segment Identifier (ESI) label is encapsulated, and the receiving end PE receives the packet.
  • the source identifier information carried in the data packet encapsulation is used to determine whether it needs to be forwarded to the local site.
  • the horizontal splitting mechanism requires the source PE (ie, the PE that receives the BUM sent by the local station) to encapsulate the ESI label when forwarding the BUM message to the network side, and interpret the ESI label on the destination PE, but the existing switch product is subject to Limited to hardware chip limitations does not support the packaging and processing of ESI tags, unless the hardware chip design is changed to support the packaging and processing of ESI tags, but this will increase the cost of the product.
  • the embodiments of the present invention provide a method, a device, and a system for forwarding a packet, which are used to solve the technical problem that the traffic on the user side occurs in the EVPN network packet forwarding process in the prior art.
  • the embodiment of the present invention provides a method for forwarding a packet, where the method is applicable to a scenario in which a first CE is dual-homed to an EVPN by using a first PE and a second PE, and the first PE and the first An Ethernet link is established between the two PEs, and the method includes:
  • the first PE establishes a port isolation group, where the port isolation group includes a port on the first PE side of the Ethernet link, a port in the first PE that is connected to the first CE, and the first Network side port of the PE;
  • the first PE forwards the packet to a second CE connected to a port other than the port isolation group in the first PE.
  • the first PE establishing a port isolation group includes:
  • the first PE detects whether the Ethernet segment identifier ESI of each port in the local port is a valid value, and the local port is a port to which the CE is connected in the first PE;
  • the first PE adds a port whose ESI is a valid value in the local port to a port isolation group as a port connected to the first CE in the first PE;
  • the first PE adds the port on the first PE side and the network side port in the first PE in the Ethernet link to the port isolation group.
  • the method further includes:
  • the first PE detects that the first CE in the port isolation group is dual-homed to the EVPN, the first CE is connected to the first CE. The port is removed from the isolation group.
  • the first PE and the first The two PEs have the same virtual internet protocol IP address, and the method further includes:
  • the first PE advertises a multicast route to the remote PE, where the next hop address of the multicast route is the virtual IP address, and the multicast route advertised by the second PE to the remote PE The next hop address is the virtual IP address.
  • the first PE receives the second PE forwarding by using the port on the first PE side of the Ethernet link.
  • the message includes:
  • the first PE passes the The receiving, by the port on the first PE side of the link, the packet forwarded by the second PE includes:
  • the first PE receives the second multicast packet that is forwarded by the second PE by using the Ethernet link, and the second multicast packet is a CE that is connected to the second PE to the second PE.
  • the message sent is a CE that is connected to the second PE to the second PE.
  • the embodiment of the present invention further provides a first PE for packet forwarding, which is used for A CE is configured to establish an Ethernet link between the first PE and the second PE by using the first PE and the second PE to connect to the EVPN.
  • the first PE includes:
  • a establishing unit configured to establish a port isolation group, where the port isolation group includes a port on the first PE side of the Ethernet link, a port in the first PE that is connected to the first CE, and the first Network side port of the PE;
  • a receiving unit configured to receive, by using a port on the first PE side of the Ethernet link, a packet that is forwarded by the second PE;
  • a forwarding unit configured to forward, to the second CE connected to the port other than the port isolation group, the packet received by the receiving unit.
  • the establishing unit includes:
  • a detecting subunit configured to detect, respectively, whether an Ethernet segment identifier ESI of each port in the local port is a valid value, where the local port is a port to which the CE is connected in the first PE;
  • control subunit configured to add, as the port of the first PE, the port connected to the first CE to the port isolation group;
  • the control subunit is further configured to add the port on the first PE side and the network side port in the first PE in the Ethernet link to the port isolation group.
  • the first PE further includes:
  • a deleting unit configured to connect the first CE to the first CE by detecting that the first CE in the port isolation group is dual-homed to the EVPN by the dual-homed connection The port is removed from the isolation group.
  • the first PE and the first The two PEs have the same virtual IP address, and the first PE further includes:
  • the sending unit is configured to advertise a multicast route to the remote PE, where the next hop address of the multicast route is the virtual IP address.
  • the receiving unit is specifically configured to:
  • the multicast packet is a packet sent by the remote PE to the second PE according to the multicast route.
  • the receiving unit is specifically configured to:
  • the second PE And receiving, by the second PE, a second multicast packet that is forwarded by the Ethernet link, where the second multicast packet is a packet that is sent by the CE that is connected to the second PE to the second PE.
  • the embodiment of the present invention further provides a packet forwarding system, where the system includes: a first CE, a first PE, and a second PE, where the first CE passes the first PE and the first Two PEs are dual-homed to the EVPN, and an Ethernet link is established between the first PE and the second PE, where
  • the second PE is configured to receive the packet sent by the first CE, and forward the packet to the first PE by using the Ethernet link;
  • the first PE is configured to establish a port isolation group, and receive, by the port on the first PE side of the Ethernet link, the packet forwarded by the second PE, and remove the packet from the first PE.
  • the second CE connected to the port other than the port isolation group forwards the packet, where the port isolation group includes the port on the first PE side of the Ethernet link, and the connection in the first PE a port of the first CE and a network side port of the first PE.
  • the system further includes a remote PE, where the first PE and the second PE have the same virtual IP address, and the system further includes:
  • the first PE is further configured to advertise a multicast route to the remote PE, where a next hop address of the multicast route is the virtual IP address;
  • the second PE is further configured to advertise the multicast route to the remote PE, where a next hop address of the multicast route is the virtual IP address;
  • Receiving, by the second PE, the packet sent by the remote PE, and forwarding the packet to the first PE by using the Ethernet link including:
  • the second PE receives the multicast packet forwarded by the remote PE according to the multicast route, and sends the multicast packet to the first PE by using the Ethernet link.
  • the embodiment of the present invention can control the report by establishing an Ethernet link between the PE devices and establishing a port isolation group, so that the PE receives the data packet transmitted through the Ethernet link.
  • the packet is forwarded to the CE connected to the port other than the port isolation group, and the packet is not forwarded to other CEs. This ensures that the PE receives the packet and reports it when the CE is dual-homed to the EVPN.
  • the traffic backhaul problem formed on the user side during the forwarding of the file does not need to be encapsulated by the ESI label for traffic judgment to avoid traffic backhaul.
  • the solution of the embodiment of the present invention does not need to change the current hardware chip design, thereby saving cost.
  • FIG. 1 is a schematic flowchart of a method for packet forwarding according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of a method for establishing a port isolation group according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a scenario of a packet forwarding method according to an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of a scenario of another method for packet forwarding according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a first PE according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic structural diagram of another first PE according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic structural diagram of a network device according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic structural diagram of still another packet forwarding system according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic structural diagram of still another packet forwarding system according to an embodiment of the present invention.
  • the embodiment of the present invention is applicable to a scenario in which the first CE is dual-homed to the EPE through the first PE and the second PE, where the dual-homed CE is between the first CE and the first PE and the second PE.
  • the link between the CE and the first PE and the second PE is bundled into an Ethernet trunk.
  • the traffic from the CE to the PE can pass through the first PE or the first PE.
  • the second PE forwards. Further, an Ethernet link is established between the first PE and the second PE.
  • FIG. 1 is a schematic flowchart of a method for forwarding a packet according to an embodiment of the present invention.
  • the method in the embodiment of the present invention is specifically applicable to the first PE. Specifically, the method includes:
  • the first PE establishes a port isolation group, where the port isolation group includes a port on the first PE side of the Ethernet link, a port in the first PE that is connected to the first CE, and a network side port on the first PE. .
  • the existing data packet transmitted through the tunnel needs to be encapsulated in the original Ethernet data packet received from the CE side, and the embodiment of the present invention is compared with the traditional data packet transmitted through the tunnel.
  • the Ethernet and the second PE transmit the received Ethernet data packet through the Ethernet link, the packet does not need to be encapsulated in the tunnel, so that the data transmission process can be simplified to some extent.
  • the port on the first PE side of the Ethernet link that is, the Ethernet link is connected to the first PE.
  • a port (hereafter referred to as an Ethernet link port) is used for VLAN configuration.
  • the Ethernet link port is added to a VLAN that needs to be extended by EVPN, and a port isolation group is established for the VLAN.
  • the VLAN setting of the Ethernet link port may be automatically completed when the Ethernet link is established, that is, when the port connecting the PE and the CE is added to the VLAN to be extended, the Ethernet link port is also automatically added. Go to the VLAN or add the Ethernet link to the VLAN by manual configuration. There may be multiple VLANs that need to be extended.
  • a port isolation group may be established for each VLAN of the Ethernet link port. Further, the ports in the same port isolation group belong to the same VLAN.
  • S102 The first PE receives the port on the first PE side in the Ethernet link. The packet forwarded by the second PE.
  • the packet forwarded by the second PE includes a packet sent by the CE connected to the second PE to the second PE or a packet forwarded by the remote PE to the second PE.
  • the remote PE When the remote PE receives the packet sent by the local CE and forwards the packet to the first PE and the second PE, the first PE and the second PE send the multicast route when the packet is forwarded according to the definition of the EVPN protocol. Carrying the respective IP addresses as the next hop addresses, so that after receiving the multicast route, the remote PE considers that the first PE and the second PE are two in the multicast headend replication list for the same broadcast domain. Different multicast packets are duplicated and sent to the first PE and the second PE during the multicast replication. The problem occurs when the access side CE receives double traffic and the traffic is duplicated.
  • a virtual Internet Protocol (IP) address may be pre-configured for the first PE, and the first PE and the second PE have the same virtual IP address, the first When a PE advertises a multicast route to the remote PE, the next hop address of the multicast route is the virtual IP address, and the multicast route advertised by the second PE to the remote PE The next hop address is also the virtual IP address, so that the remote PE only copies one multicast packet to the same next hop address when receiving the same next hop address sent by the first PE and the second PE.
  • the multicast packet is forwarded to the first PE or the second PE, thereby avoiding the problem that the access side CE receives double traffic and causes traffic to be duplicated.
  • the remote PE forwards the packet to the second PE as an example, and the second PE forwards the multicast packet to the first PE through the Ethernet link.
  • the receiving, by the first PE, the packet forwarded by the second PE by using the port on the first PE side of the Ethernet link may be: receiving, by the second PE, forwarding by using the Ethernet link.
  • the first multicast packet is the packet sent by the remote PE to the second PE according to the multicast route.
  • the receiving, by the first PE, the packet that is forwarded by the second PE by using the port on the first PE side of the Ethernet link may be: receiving, by the second PE, forwarding by using the Ethernet link.
  • the second multicast packet is a packet sent by the CE connected to the second PE to the second PE.
  • S103 The first PE sends a port other than the port isolation group to the first PE.
  • the connected second CE forwards the message.
  • the packet may be forwarded only to the second port connected to the port other than the port isolation group.
  • CE the first CE to the PE is determined to be forwarded by the second PE, and the second PE forwards the packet to the first PE through the Ethernet link, and the first PE only forwards the current PE to the current PE.
  • the CE connected to the port other than the port isolation group forwards the packet, and does not forward the packet to the first CE and the network side of the port isolation group, so that the first PE and the second PE are connected.
  • the first CE receives only one packet, avoiding the problem of traffic return caused by receiving multiple identical packets.
  • the embodiment of the present invention can control the forwarding of the packet to the port except that the Ethernet link is established between the PE devices and the port isolation group is established, so that the PE receives the data packet transmitted through the Ethernet link.
  • the CE connected to the port other than the isolation group does not forward the packet to other CEs. This prevents the PE from receiving the packet and forwarding the packet when the CE is dual-homed to the EVPN.
  • the formed traffic backhaul problem does not need to be encapsulated by the ESI label for traffic judgment to avoid traffic backhaul.
  • the solution of the embodiment of the present invention does not need to change the current hardware chip design, thereby saving cost.
  • FIG. 2 is a schematic flowchart of a method for establishing a port isolation group according to an embodiment of the present invention. Specifically, the method includes:
  • the first PE detects whether the Ethernet segment identifier ESI of each port in the local port is a valid value.
  • the local port is a port in which the CE is connected to the first PE, and the connected CE includes a first CE and a second CE.
  • the first PE when the first PE establishes a port isolation group for the VLAN where the Ethernet link port is located, it can detect whether the Ethernet segment identifier (ESI) corresponding to each local port of the current PE is a valid value. To determine if the local port is added to the port isolation group.
  • EMI Ethernet segment identifier
  • the first PE adds the port with the ESI as the valid value in the local port as the port connected to the first CE in the first PE to the port isolation group.
  • the The CE connected to the local port is connected to the current EVPN through the dual-homing of the first PE and the second PE. If the CE is the first CE, the local port can be added to the port isolation group.
  • the first PE detects that the first CE in the port isolation group is dual-homed to the EVPN, the first PE is connected to the first PE.
  • the port of a CE is deleted from the isolation group.
  • the CE single-homing connection to the EVPN may indicate that the CE is connected to the EVPN through the first PE or the second PE, that is, the link between the CE and the second PE or the first PE is Down, and the The port connecting the first CE in a PE is deleted from the port isolation group.
  • S203 The first PE adds the port on the first PE side and the network side port in the first PE in the Ethernet link to the port isolation group.
  • the established port isolation group further includes a port that is connected to the Ethernet link by the first PE, that is, an Ethernet link port, and a network side port in the PE that exchanges information with the remote PE.
  • the embodiment of the present invention can establish a port isolation group by acquiring a port, an Ethernet link port, and a network side port, where the ESI is a valid value detected in the local port, so that the PE receives the data transmitted through the Ethernet link.
  • the packet is controlled to forward the packet to the CE connected to the port other than the port isolation group, so that the traffic backhaul formed on the user side when the PE forwards the packet is effectively solved without changing the hardware of the device. problem.
  • FIG. 3 is a schematic diagram of a scenario of a packet forwarding method according to an embodiment of the present invention.
  • the PE1 may refer to the second PE in the corresponding embodiment of FIG. 1 to FIG.
  • the PE2 can refer to the related description of the first PE in the corresponding embodiment of FIG. 1 to FIG. 2.
  • CE1 is connected to PE1 (that is, CE1 is directly connected to the current EVPN)
  • CE2 is dual-homed to PE1 and PE2 (that is, CE2 is connected to EVPN through PE1 and PE2)
  • CE3 is connected to PE2 and CE4.
  • the dual-homed CE2 and PE1 and PE2 are deployed in the All-Active mode.
  • the link between CE2 and PE1 and PE2 is bundled into an Ethernet trunk.
  • the sites connected to each CE belong to the same EVPN.
  • the double return CE2 is the first CE described above.
  • the ports GE0/0/0 and GE0/0/1 on PE1 and PE2 are added to Vlan10 and Vlan20.
  • the PE1 and PE2 are connected to each other through GE0/0/2 on PE1 and GE0/0/2 on PE2. Further, GE0/0/2 is added to Vlan10 and Vlan20 on PE1 and PE2. in.
  • a port isolation group can be established for Vlan10 and Vlan20 respectively.
  • PE2 that is, the first PE, establishes a port isolation group for Vlan10.
  • the member ports of the isolation group include GE0/0/1, GE0/0/2, and GE0/0/3.
  • the port GE0/0/2 is the port on the first PE side of the Ethernet link, that is, the Ethernet link port.
  • the port GE0/0/1 is the port connected to the first CE in the first PE, and the port GE0/0/ 3 is the network side port.
  • the second PE receives the BUM packet from the local port GE0/0/0
  • the PE1 forwards the packet to the local port GE0/0/1, the Ethernet link port GE0/0/2, and the network.
  • Side GE0/0/3 The BUM packet sent from the port GE0/0/2 is sent to the PE2 through the Ethernet link.
  • the PE2 After receiving the BUM packet from the Vlan10 in the GE0/0/2 port, the PE2 does not isolate the port from the port corresponding to Vlan10 on PE2.
  • the member ports GE0/0/1 and GE0/0/3 are forwarded only to the local port GE0/0/0. This prevents the packets from being forwarded to CE2 through GE0/0/1. Traffic back issue.
  • the EVPN is connected to the EVPN.
  • the port GE0/0/1 can be isolated from the ports corresponding to Vlan10 and Vlan20. If the group is deleted, the BUM packets received by PE2 from Ethernet interface port GE0/0/2 can be forwarded to GE0/0/1.
  • the embodiment of the present invention will not be described again.
  • the embodiment of the present invention can establish an Ethernet link that does not need to encapsulate the data packet between the PE devices, and control the forwarding of the packet to the establishment after receiving the data packet transmitted through the Ethernet link.
  • the CE connected to the port other than the port isolation group effectively solves the problem of traffic returning on the user side when the PE receives the packet and forwards the packet when the CE is dual-homed to the EVPN.
  • FIG. 4 is a schematic diagram of another packet forwarding method according to an embodiment of the present invention.
  • CE1 is connected to PE1.
  • CE2 is dual-homed to PE1 and PE2, CE3 is connected to PE2, and CE4 is connected to PE3.
  • the CE2 is deployed in the All-Active mode between PE2 and PE2.
  • the link between CE2 and PE1 and PE2 is bundled into one Ethernet. Trunk.
  • CE1, CE2, CE3 and The sites connected to CE4 belong to the same EVPN.
  • PE1 and PE2 carry the multicast routes to each other with their respective IP addresses as the next hop address, so that the remote PE, that is, PE3, after receiving the multicast routing message, is the same broadcast domain. It is considered that PE1 and PE2 are two different next hops in the multicast headend replication list. When multicast replication is performed, the packets are copied and sent to the PE1 and PE2 respectively. The problem of double traffic.
  • the PE1 will send the packet from the Ethernet link to the PE2 after receiving the BUM packet from the PE3.
  • PE2 forwards the packet to the local station CE3.
  • PE2 also receives the BUM packet sent by the PE3 from the network side, and forwards the packet to the local station CE3, so that CE3 receives the double BUM packet.
  • similar problems exist for CE1 and will not be described here.
  • the embodiment of the present invention can set the same virtual IP address, such as 1.1.1.1, as the next hop address of the multicast route, and then send the next hop address to the remote PE. That is, PE3.
  • PE3 After receiving the multicast route, PE3 adds 1.1.1.1 to the headend replication list of the corresponding multicast.
  • PE3 sends a BUM packet to the network, only one BUM report is copied to 1.1.1.1 for PE1 and PE2.
  • the text is sent, and the intermediate node P completes the forwarding to PE1 and PE2. Therefore, only one of PE1 and PE2 will receive the BUM message sent by PE3. If the packet is received by PE1, it is forwarded to GE0/0/0, GE0/0/1, and GE0/0/2.
  • PE2 After receiving the packet, PE2 forwards the packet to CE3, thus avoiding CE3 receiving.
  • the forwarding mode of the packet to the PE1 and the PE2 may be the load balancing mode or the active/standby mode, which is not limited in the embodiment of the present invention.
  • the embodiment of the present invention can control the forwarding of the packet to the port except that the Ethernet link is established between the PE devices and the port isolation group is established, so that the PE receives the data packet transmitted through the Ethernet link.
  • the CE connected to the port other than the isolation group does not forward the packet to other CEs. This prevents the PE from receiving the packet and forwarding the packet when the CE is dual-homed to the EVPN.
  • the formed traffic backhaul problem does not need to be encapsulated by the ESI label for traffic judgment to avoid traffic backhaul, by using the solution of the embodiment of the present invention, No need to change the current hardware chip design, saving costs.
  • FIG. 5 is a schematic structural diagram of a first PE according to an embodiment of the present invention.
  • the first PE includes: an establishing unit 11, a receiving unit 12, and a forwarding unit 13. among them,
  • the establishing unit 11 is configured to establish a port isolation group.
  • an Ethernet link is established between the first PE and the second PE, and the port isolation group includes a port on the first PE side of the Ethernet link, and a first connection in the first PE.
  • the port of the CE and the network side port of the first PE, the first CE is a CE that connects the current EVPN through the first PE and the second PE.
  • the packet does not need to be encapsulated.
  • the receiving unit 12 is configured to receive, by using the port on the first PE side of the Ethernet link, a packet forwarded by the second PE.
  • the packet forwarded by the second PE includes a packet sent by the CE to the second PE or a packet sent by the remote PE to the second PE.
  • the forwarding unit 13 is configured to forward the packet received by the receiving unit 12 to a second CE connected to a port other than the port isolation group in the first PE.
  • the forwarding unit 13 may forward the packet to only the port other than the port isolation group.
  • the CE is the second CE.
  • the current CE to PE packet is determined to be forwarded by the second PE, and the second PE forwards the packet to the first PE through the Ethernet link, and the forwarding unit 13 only forwards the current packet to the current PE.
  • the second CE connected to the port other than the port isolation group forwards the packet, and does not forward the packet to the first CE and the network side connected to the first PE.
  • the embodiment of the present invention can establish an Ethernet link that does not need to encapsulate the data packet between the PE devices, and control the forwarding of the packet to the establishment after receiving the data packet transmitted through the Ethernet link.
  • the CE connected to the port other than the port isolation group effectively solves the problem of traffic returning on the user side when the PE receives the packet and forwards the packet when the CE is dual-homed to the EVPN.
  • FIG. 6 is a schematic structural diagram of another first PE according to an embodiment of the present invention.
  • the first PE includes an establishing unit 11, a receiving unit 12, and a forwarding unit 13, where
  • the establishing unit 11 is configured to establish a port isolation group.
  • an Ethernet link is established between the first PE and the second PE, and the port isolation group includes a port on the first PE side of the Ethernet link, and a first connection in the first PE.
  • the port of the CE and the network side port of the first PE, the first CE is a CE that connects the current EVPN through the first PE and the second PE.
  • the packet does not need to be encapsulated.
  • the receiving unit 12 is configured to receive, by using the port on the first PE side of the Ethernet link, a packet forwarded by the second PE.
  • the packet forwarded by the second PE includes a packet sent by the CE to the second PE or a packet sent by the remote PE to the second PE.
  • the forwarding unit 13 is configured to forward the packet received by the receiving unit 12 to a second CE connected to a port other than the port isolation group in the first PE.
  • the forwarding unit 13 may forward the packet to only the port other than the port isolation group.
  • the CE is the second CE.
  • the current CE to PE packet is determined to be forwarded by the second PE, and the second PE forwards the packet to the first PE through the Ethernet link, and the forwarding unit 13 only forwards the current packet to the current PE.
  • the second CE connected to the port other than the port isolation group forwards the packet, and does not forward the packet to the first CE and the network side connected to the first PE.
  • the establishing unit 11 may include:
  • the detecting sub-unit 111 is configured to detect whether the Ethernet segment identifier ESI of each port in the local port is a valid value.
  • the local port is a port in which the CE is connected to the first PE, and the connected CE includes a first CE and a second CE.
  • the establishing unit 11 can detect the sub-list when establishing the port isolation group.
  • the element 111 detects whether the ESI corresponding to each local port of the current PE is a valid value, and determines whether the local port is added to the port isolation group.
  • the control sub-unit 112 is configured to add, as the port of the first PE, the port connected to the first CE to the port isolation group.
  • the detecting sub-unit 111 detects that the ESI corresponding to the current local port is a valid value, it may indicate that the CE connected to the local port is dual-homed to the current EVPN through the first PE and the second PE, that is, the CE is The first CE may be added to the port isolation group by the control sub-unit 112.
  • the control sub-unit 112 is further configured to add the port on the first PE side and the network side port in the first PE in the Ethernet link to the port isolation group.
  • the established port isolation group further includes a port that is connected to the Ethernet link by the first PE, that is, an Ethernet link port, and a network side port in the PE that exchanges information with the remote PE.
  • the first PE may further include:
  • the deleting unit 14 is configured to connect the first CE to the first CE if the first CE in the port isolation group is configured to be dual-homed to the EVPN by the dual-homed connection.
  • the port is removed from the isolation group.
  • the first PE and the second PE have the same virtual IP address, and the first PE further includes:
  • the sending unit 15 is configured to advertise a multicast route to the remote PE, where the next hop address of the multicast route is the virtual IP address.
  • the first PE sends the same virtual IP address to the remote PE as the next hop address by the sending unit 15, and the next hop address of the multicast route advertised by the second PE to the remote PE is also the virtual IP address.
  • the address is such that the remote PE only copies one multicast packet to the same next hop address, so that the CE connected to the first PE or the second PE receives only one packet, avoiding receiving more packets. The problem of duplicate traffic caused by the same message.
  • the receiving unit 12 is specifically configured to:
  • the receiving unit 12 is further configured to:
  • the second PE And receiving, by the second PE, a second multicast packet that is forwarded by the Ethernet link, where the second multicast packet is a packet that is sent by the CE that is connected to the second PE to the second PE.
  • the first PE of the embodiment of the present invention may refer to the related description of the first PE in the corresponding embodiment of FIG. 1 to FIG. 4 .
  • the embodiment of the present invention can control the forwarding of the packet to the port except that the Ethernet link is established between the PE devices and the port isolation group is established, so that the PE receives the data packet transmitted through the Ethernet link.
  • the CE connected to the port other than the isolation group does not forward the packet to other CEs. This prevents the PE from receiving the packet and forwarding the packet when the CE is dual-homed to the EVPN.
  • the formed traffic backhaul problem does not need to be encapsulated by the ESI label for traffic judgment to avoid traffic backhaul.
  • the solution of the embodiment of the present invention does not need to change the current hardware chip design, thereby saving cost.
  • FIG. 7 is a schematic structural diagram of a network device according to an embodiment of the present invention.
  • the network device in the embodiment of the present invention includes: a receiver 300, a transmitter 400, a memory 200, and a processor 100.
  • the memory 200 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory. A corresponding application or the like is stored in the memory 200 as a computer storage medium.
  • the receiver 300, the transmitter 400, the memory 200, and the processor 100 may be connected to each other through a bus, or may be connected by other means. In the present embodiment, a bus connection will be described.
  • the network device in the embodiment of the present invention may be corresponding to the first PE, and is applicable to a scenario in which the first CE is dual-homed to the EVPN through the first PE and the second PE, where the first PE and the first An Ethernet link is established between the two PEs.
  • the first PE may further refer to the related description of the first PE in the corresponding embodiment of FIG. 5 or FIG. 6.
  • the processor 100 performs the following steps:
  • the port isolation group includes a port on the first PE side of the Ethernet link, a port in the first PE that is connected to the first CE, and a network side port on the first PE.
  • the processor 100 is configured to establish a port isolation group, and specifically performs the following steps:
  • Ethernet segment identifier ESI of each port in the local port is a valid value, where the local port is a port to which the CE is connected in the first PE;
  • the ESI is a port that is connected to the first CE to the port isolation group
  • the processor 100 is further configured to:
  • the port connecting the first CE in the first PE is isolated from the Deleted in the group.
  • the first PE and the second PE have the same virtual internet protocol IP address
  • the processor 100 is further configured to:
  • the first PE advertises a multicast route to the remote PE, and the next hop address of the multicast route is the virtual IP address.
  • the processor 100 is configured to receive, by using the port on the first PE side of the Ethernet link, a packet that is forwarded by the second PE, specifically for performing:
  • the processor 100 is configured to receive, by using the port on the first PE side of the Ethernet link, a packet that is forwarded by the second PE, specifically for performing:
  • the second PE And receiving, by the second PE, a second multicast packet that is forwarded by the Ethernet link, where the second multicast packet is a packet that is sent by the CE that is connected to the second PE to the second PE.
  • the embodiment of the present invention can establish an Ethernet link that does not need to encapsulate the data packet between the PE devices, and establish a port isolation group, so that the PE controls the data packet transmitted through the Ethernet link.
  • the packet is forwarded to the CE connected to the port other than the port isolation group, which effectively solves the problem that the PE receives the report when the CE is dual-homed to the PE.
  • the traffic backhaul problem formed on the user side does not need to encapsulate the ESI label, so that the current hardware chip design does not need to be changed, and the cost is saved.
  • FIG. 8 is a schematic structural diagram of a packet forwarding system according to an embodiment of the present invention.
  • the system includes: a first CE10, a first PE20, and a second PE30, where the first CE10 passes the first PE20.
  • the second PE 30 is dual-homed to the EVPN, and the Ethernet link is established between the first PE 20 and the second PE 30, where
  • the second PE 30 is configured to receive the packet sent by the first CE 10, and forward the packet to the first PE 20 by using the Ethernet link.
  • the first PE 20 of the embodiment of the present invention may refer to the related description of the first PE 20 in the corresponding embodiment of FIG. 1 to FIG. 7.
  • the second PE 30 if the second PE 30 receives the packet sent by the first CE 10 through the local port, the second PE 30 forwards the packet to other ports.
  • the other port includes the port on the second PE 30 side of the Ethernet link, and the second PE 30 can send the received packet to the first PE 20 through the port when the packet is forwarded.
  • the first PE 20 is configured to establish a port isolation group, and receive, by the port on the first PE20 side of the Ethernet link, the packet forwarded by the second PE 30, and remove the packet from the first PE20.
  • the second CE connected to the port other than the port isolation group forwards the packet, where the port isolation group includes the port on the first PE20 side of the Ethernet link, and the connection in the first PE20.
  • the port of the first CE 10 and the network side port of the first PE 20 are configured to establish a port isolation group, and receive, by the port on the first PE20 side of the Ethernet link, the packet forwarded by the second PE 30, and remove the packet from the first PE20.
  • the second CE connected to the port other than the port isolation group forwards the packet, where the port isolation group includes the port on the first PE20 side of the Ethernet link, and the connection in the first PE20.
  • the port of the first CE 10 and the network side port of the first PE 20 are configured to establish a port isolation group, and receive, by the port on the first PE20 side of the
  • the first PE 20 receives the packet that is forwarded by the second PE 30 through the Ethernet link, and may forward the CE to the second CE that is connected to the port other than the established port isolation group. Message. Further, if the second CE does not exist in the system, that is, the CE connected to the first PE 20 has only the first CE 20, the packet can be directly discarded when the first PE 20 receives the packet through the Ethernet link. , no forwarding processing.
  • FIG. 9 is a schematic structural diagram of another packet forwarding system according to an embodiment of the present invention.
  • the system includes a first CE 10, a first PE 20, and a second PE 30 of the packet forwarding system.
  • the first CE 10 is dual-homed to the EVPN by the first PE 20 and the second PE 30, and an Ethernet link is established between the first PE 20 and the second PE 30.
  • the system further includes a remote PE 40.
  • the first PE 20 and the second PE 30 have the same virtual IP address.
  • the first PE 20 is further configured to advertise a multicast route to the remote PE 40.
  • the next hop address of the multicast route is the virtual IP address.
  • the second PE 30 is further configured to advertise the multicast route to the remote PE, where a next hop address of the multicast route is the virtual IP address;
  • the second PE 30 is further configured to receive the multicast packet forwarded by the remote PE 40 according to the multicast route, and send the multicast packet to the first PE20 by using the Ethernet link. .
  • the first PE 20 may advertise a multicast route to the remote PE 40, where the next hop address of the multicast route is the virtual IP address, and The next hop address of the multicast route advertised by the second PE 30 to the remote PE 40 is also the same virtual IP address, that is, the next hop address of the first PE 20 acquired by the remote PE 40 and the second PE 30.
  • the next hop address is the same.
  • the remote PE 40 can only copy one multicast packet to the same next hop address according to the next hop address of the first PE 20 and the second PE 30 when receiving the packet sent by the local station. And forwarding the multicast packet to the first PE 20 or the second PE 30.
  • the remote PE 40 forwards the packet to the second PE 30 as an example, and the second PE 30 is used by the second PE 30. Forwarding the multicast packet to the first CE 10 and forwarding the multicast packet to the first PE 20 through the Ethernet link.
  • the first PE 20 may forward the packet to the CE that is connected to the port other than the established port isolation group. Further, if the second CE does not exist in the system, that is, the CE connected to the first PE 20 has only the first CE 20, the packet can be directly discarded when the first PE 20 receives the packet through the Ethernet link. , no forwarding processing.
  • the embodiment of the present invention can control the forwarding of the packet to the port except that the Ethernet link is established between the PE devices and the port isolation group is established, so that the PE receives the data packet transmitted through the Ethernet link.
  • the CE connected to the port other than the isolation group does not forward the packet to other CEs. This prevents the PE from receiving the packet and forwarding the packet when the CE is dual-homed to the EVPN.
  • the formed traffic backhaul problem does not need to be encapsulated by the ESI label for traffic judgment to avoid traffic backhaul, by using the solution of the embodiment of the present invention, No need to change the current hardware chip design, saving costs.
  • the disclosed apparatus and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separated, and the components displayed as the unit may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. . Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
  • the above-described integrated unit implemented in the form of a software functional unit can be stored in a computer readable storage medium.
  • the above software functional unit is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform the methods of the various embodiments of the present invention. Part of the steps.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like, which can store program codes. .

Abstract

Disclosed are a method, device and system for forwarding a packet, which are applicable to the scenario in which a customer edge (CE) is connected to an Ethernet virtual private network (EVPN) by means of dual homing through a first provider edge (PE) and a second PE, wherein an Ethernet link is established between the first PE and the second PE. The method comprises: the first PE establishes a port isolation group; the first PE receives, through a port at the side of the first PE in the Ethernet link, a packet forwarded by the second PE; and the first PE forwards the packet to a CE connected to ports other than the port isolation group in the first PE. By means of the present invention, the technical problem in the prior art of traffic passing back at the customer side during packet forwarding in the EVPN can be effectively solved without changing the current hardware chip design.

Description

一种报文转发的方法、设备及系统Method, device and system for message forwarding
本申请要求于2014年7月31日提交中国专利局、申请号为CN201410373934.X、发明名称为“一种报文转发的方法、设备及系统”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application filed on July 31, 2014, the Chinese Patent Office, the application number is CN201410373934.X, and the invention name is "a method, device and system for message forwarding". The citations are incorporated herein by reference.
技术领域Technical field
本发明涉及通信技术领域,尤其涉及一种报文转发的方法、设备及系统。The present invention relates to the field of communications technologies, and in particular, to a packet forwarding method, device, and system.
背景技术Background technique
以太虚拟专用网(Virtual Private Network,VPN)通过跨多协议标签交换(Multi-Protocol Label Switching,MPLS)承载网将不同地域的客户站点连接起来,使这些站点能像同一个局域网(Local Area Network,LAN)那样工作。以太虚拟专用网(Ethernet Virtual Private Network,EVPN)是一种基于边界网关协议(Border Gateway Protocol,BGP)和MPLS的以太VPN技术,相比传统以太VPN,EVPN的一个很大的优势在于可以实现All-Active模式,即用户边缘设备(Customer Edge,CE)多归接入到多个供应商边缘设备(Provider Edge,PE),该多个PE可称为多归PE,CE与多归PE之间部署跨设备链路聚合组(Multi-Chassis Link Aggregation Group,MC_LAG),将CE与多个PE之间的链路捆绑成一个以太Trunk,从CE到PE的某个给定虚拟局域网(Virtual Local Area Network,VLAN)的流量,可以通过该多个PE的任一个进行转发,该PE的选择取决于CE从以太Trunk链路上发送数据报文时所选取的负载分担算法。The virtual private network (VPN) connects the customer sites in different regions through the Multi-Protocol Label Switching (MPLS) bearer network, so that these sites can be like the same local area network (Local Area Network, LAN) works like that. Ethernet Virtual Private Network (EVPN) is an Ethernet VPN technology based on Border Gateway Protocol (BGP) and MPLS. Compared with traditional Ethernet VPN, EVPN has a great advantage in that it can achieve All. -Active mode, that is, the user edge device (CE) is connected to multiple provider edge devices (PEs). The multiple PEs can be called multi-homed PEs, and between CEs and multi-homed PEs. A multi-Chassis Link Aggregation Group (MC_LAG) is deployed to bundle the link between the CE and multiple PEs into one Ethernet trunk and a given virtual local area network from the CE to the PE. The traffic of the network can be forwarded by any one of the multiple PEs. The selection of the PE depends on the load sharing algorithm selected by the CE when sending data packets from the Ethernet trunk link.
然而,在实现All-Active模式时,从本地站点发送到PE设备的广播、未知单播、组播(Broadcast,Unknown unicast,Multicast,BUM)流量在用户侧容易形成三角环路,导致流量回传。However, when the All-Active mode is implemented, the broadcast, unicast, and multicast (BUM) traffic sent from the local device to the PE device is easy to form a triangular loop on the user side, resulting in traffic return. .
目前,为了解决上述CE与多归PE之间部署MC_LAG时出现的三角环路问题,EVPN协议中定义了水平分割的机制,即在多归PE从本端站 点接收到BUM流量并向属于同一VPN的其它成员PE复制和转发时,在数据报文封装中携带报文源标识,即封装以太网段标识(Ethernet Segment Identifier,ESI)标签,接收端PE接收到BUM流量时,通过数据报文封装中携带的源标识信息判断是否需要向本端站点转发,若报文目的地与报文接收源具有相同的标识,即报文目的地ESI与该接收报文的ESI相同,则丢弃报文。然而,该水平分割机制需要源PE(即:接收到本地站点发送的BUM的PE)在向网络侧转发BUM报文时封装ESI标签,并在目的PE解释ESI标签,但现有的交换机产品受限于硬件芯片限制并不支持ESI标签的封装和处理,除非更改硬件芯片设计来支持ESI标签的封装和处理,但这样会增加产品的成本。Currently, in order to solve the triangular loop problem that occurs when the MC_LAG is deployed between the CE and the multi-homed PE, the EVPN protocol defines a horizontal splitting mechanism, that is, the multi-homing PE from the local end station. When receiving the BUM traffic and transmitting and forwarding it to other PEs that belong to the same VPN, the packet carries the packet source identifier in the data packet encapsulation, that is, the Ethernet Segment Identifier (ESI) label is encapsulated, and the receiving end PE receives the packet. When the BUM traffic is received, the source identifier information carried in the data packet encapsulation is used to determine whether it needs to be forwarded to the local site. If the packet destination has the same identifier as the packet receiving source, that is, the packet destination ESI and the receiving packet If the ESI of the file is the same, the packet is discarded. However, the horizontal splitting mechanism requires the source PE (ie, the PE that receives the BUM sent by the local station) to encapsulate the ESI label when forwarding the BUM message to the network side, and interpret the ESI label on the destination PE, but the existing switch product is subject to Limited to hardware chip limitations does not support the packaging and processing of ESI tags, unless the hardware chip design is changed to support the packaging and processing of ESI tags, but this will increase the cost of the product.
发明内容Summary of the invention
本发明实施例提供了一种报文转发的方法、设备及系统,用于解决现有技术中EVPN网络报文转发过程中发生在用户侧的流量出现回传的技术问题。The embodiments of the present invention provide a method, a device, and a system for forwarding a packet, which are used to solve the technical problem that the traffic on the user side occurs in the EVPN network packet forwarding process in the prior art.
第一方面,本发明实施例提供了一种报文转发的方法,所述方法适用于第一CE通过第一PE和第二PE双归属连接EVPN的场景,所述第一PE与所述第二PE之间建立以太链路,所述方法包括:In a first aspect, the embodiment of the present invention provides a method for forwarding a packet, where the method is applicable to a scenario in which a first CE is dual-homed to an EVPN by using a first PE and a second PE, and the first PE and the first An Ethernet link is established between the two PEs, and the method includes:
所述第一PE建立端口隔离组,所述端口隔离组包括所述以太链路中所述第一PE侧的端口、所述第一PE中连接所述第一CE的端口以及所述第一PE的网络侧端口;The first PE establishes a port isolation group, where the port isolation group includes a port on the first PE side of the Ethernet link, a port in the first PE that is connected to the first CE, and the first Network side port of the PE;
所述第一PE通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文;Receiving, by the first PE, a packet forwarded by the second PE by using a port on the first PE side of the Ethernet link;
所述第一PE向所述第一PE中除所述端口隔离组以外的端口所连接的第二CE转发所述报文。The first PE forwards the packet to a second CE connected to a port other than the port isolation group in the first PE.
结合第一方面,在第一种可能的实现方式中,所述第一PE建立端口隔离组包括:With reference to the first aspect, in a first possible implementation, the first PE establishing a port isolation group includes:
所述第一PE分别检测本地端口中各端口的以太网段标识ESI是否为有效值,所述本地端口为所述第一PE中连接有CE的端口; The first PE detects whether the Ethernet segment identifier ESI of each port in the local port is a valid value, and the local port is a port to which the CE is connected in the first PE;
所述第一PE将所述本地端口中所述ESI为有效值的端口作为所述第一PE中连接所述第一CE的端口加入到端口隔离组中;The first PE adds a port whose ESI is a valid value in the local port to a port isolation group as a port connected to the first CE in the first PE;
所述第一PE将所述以太链路中所述第一PE侧的端口以及所述第一PE中的网络侧端口加入到所述端口隔离组中。The first PE adds the port on the first PE side and the network side port in the first PE in the Ethernet link to the port isolation group.
结合第一方面的第一种可能的实现方式,在第二种可能的实现方式中,所述方法还包括:In conjunction with the first possible implementation of the first aspect, in a second possible implementation, the method further includes:
若所述第一PE检测到所述端口隔离组中所述第一CE由双归属连接所述EVPN变为单归属连接所述EVPN,则将所述第一PE中连接所述第一CE的端口从所述隔离组中删除。If the first PE detects that the first CE in the port isolation group is dual-homed to the EVPN, the first CE is connected to the first CE. The port is removed from the isolation group.
结合第一方面,或者第一方面的第一种可能的实现方式,或者第一方面的第二种可能的实现方式,在第三种可能的实现方式中,所述第一PE与所述第二PE具有相同的虚拟互联网协议IP地址,所述方法还包括:With reference to the first aspect, or the first possible implementation manner of the first aspect, or the second possible implementation manner of the first aspect, in a third possible implementation manner, the first PE and the first The two PEs have the same virtual internet protocol IP address, and the method further includes:
所述第一PE向远端PE发布组播路由,所述组播路由的下一跳地址为所述虚拟IP地址,所述第二PE向所述远端PE发布的所述组播路由的下一跳地址为所述虚拟IP地址。The first PE advertises a multicast route to the remote PE, where the next hop address of the multicast route is the virtual IP address, and the multicast route advertised by the second PE to the remote PE The next hop address is the virtual IP address.
结合第一方面的第三种可能的实现方式,在第四种可能的实现方式中,所述第一PE通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文包括:With the third possible implementation of the first aspect, in a fourth possible implementation, the first PE receives the second PE forwarding by using the port on the first PE side of the Ethernet link. The message includes:
所述第一PE接收所述第二PE通过所述以太链路转发的第一组播报文,所述第一组播报文为所述远端PE根据所述组播路由向所述第二PE发送的报文。Receiving, by the first PE, the first multicast packet that is forwarded by the second PE by using the Ethernet link, where the first multicast packet is sent by the remote PE according to the multicast route The packet sent by the second PE.
结合第一方面,或者第一方面的第一种可能的实现方式,或者第一方面的第二种可能的实现方式,在第五种可能的实现方式中,所述第一PE通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文包括:With reference to the first aspect, or the first possible implementation manner of the first aspect, or the second possible implementation manner of the first aspect, in a fifth possible implementation manner, the first PE passes the The receiving, by the port on the first PE side of the link, the packet forwarded by the second PE includes:
所述第一PE接收所述第二PE通过所述以太链路转发的第二组播报文,所述第二组播报文为与所述第二PE连接的CE向所述第二PE发送的报文。The first PE receives the second multicast packet that is forwarded by the second PE by using the Ethernet link, and the second multicast packet is a CE that is connected to the second PE to the second PE. The message sent.
第二方面,本发明实施例还提供了一种报文转发的第一PE,用于第 一CE通过所述第一PE和第二PE双归属连接EVPN的场景,所述第一PE与所述第二PE之间建立以太链路,所述第一PE包括:In a second aspect, the embodiment of the present invention further provides a first PE for packet forwarding, which is used for A CE is configured to establish an Ethernet link between the first PE and the second PE by using the first PE and the second PE to connect to the EVPN. The first PE includes:
建立单元,用于建立端口隔离组,所述端口隔离组包括所述以太链路中所述第一PE侧的端口、所述第一PE中连接所述第一CE的端口以及所述第一PE的网络侧端口;a establishing unit, configured to establish a port isolation group, where the port isolation group includes a port on the first PE side of the Ethernet link, a port in the first PE that is connected to the first CE, and the first Network side port of the PE;
接收单元,用于通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文;a receiving unit, configured to receive, by using a port on the first PE side of the Ethernet link, a packet that is forwarded by the second PE;
转发单元,用于向所述第一PE中除所述端口隔离组以外的端口所连接的第二CE转发所述接收单元接收的所述报文。And a forwarding unit, configured to forward, to the second CE connected to the port other than the port isolation group, the packet received by the receiving unit.
结合第二方面,在第一种可能的实现方式中,所述建立单元包括:With reference to the second aspect, in a first possible implementation manner, the establishing unit includes:
检测子单元,用于分别检测本地端口中各端口的以太网段标识ESI是否为有效值,所述本地端口为所述第一PE中连接有CE的端口;a detecting subunit, configured to detect, respectively, whether an Ethernet segment identifier ESI of each port in the local port is a valid value, where the local port is a port to which the CE is connected in the first PE;
控制子单元,用于将所述本地端口中所述ESI为有效值的端口作为所述第一PE中连接所述第一CE的端口加入到端口隔离组中;a control subunit, configured to add, as the port of the first PE, the port connected to the first CE to the port isolation group;
所述控制子单元,还用于将所述以太链路中所述第一PE侧的端口以及所述第一PE中的网络侧端口加入到所述端口隔离组中。The control subunit is further configured to add the port on the first PE side and the network side port in the first PE in the Ethernet link to the port isolation group.
结合第二方面的第一种可能的实现方式,在第二种可能的实现方式中,所述第一PE还包括:With reference to the first possible implementation of the second aspect, in a second possible implementation, the first PE further includes:
删除单元,用于若检测到所述端口隔离组中所述第一CE由双归属连接所述EVPN变为单归属连接所述EVPN,则将所述第一PE中连接所述第一CE的端口从所述隔离组中删除。a deleting unit, configured to connect the first CE to the first CE by detecting that the first CE in the port isolation group is dual-homed to the EVPN by the dual-homed connection The port is removed from the isolation group.
结合第二方面,或者第二方面的第一种可能的实现方式,或者第二方面的第二种可能的实现方式,在第三种可能的实现方式中,所述第一PE与所述第二PE具有相同的虚拟IP地址,所述第一PE还包括:With reference to the second aspect, or the first possible implementation manner of the second aspect, or the second possible implementation manner of the second aspect, in a third possible implementation manner, the first PE and the first The two PEs have the same virtual IP address, and the first PE further includes:
发送单元,用于向远端PE发布组播路由,所述组播路由的下一跳地址为所述虚拟IP地址。The sending unit is configured to advertise a multicast route to the remote PE, where the next hop address of the multicast route is the virtual IP address.
结合第二方面的第三种可能的实现方式,在第四种可能的实现方式中,所述接收单元具体用于:In conjunction with the third possible implementation of the second aspect, in a fourth possible implementation, the receiving unit is specifically configured to:
接收所述第二PE通过所述以太链路转发的第一组播报文,所述第一 组播报文为所述远端PE根据所述组播路由向所述第二PE发送的报文。Receiving, by the second PE, the first multicast packet that is forwarded by the Ethernet link, where the first The multicast packet is a packet sent by the remote PE to the second PE according to the multicast route.
结合第二方面,或者第二方面的第一种可能的实现方式,或者第二方面的第二种可能的实现方式,在第五种可能的实现方式中,所述接收单元具体用于:With reference to the second aspect, or the first possible implementation manner of the second aspect, or the second possible implementation manner of the second aspect, in a fifth possible implementation manner, the receiving unit is specifically configured to:
接收所述第二PE通过所述以太链路转发的第二组播报文,所述第二组播报文为与所述第二PE连接的CE向所述第二PE发送的报文。And receiving, by the second PE, a second multicast packet that is forwarded by the Ethernet link, where the second multicast packet is a packet that is sent by the CE that is connected to the second PE to the second PE.
第三方面,本发明实施例还提供了一种报文转发系统,所述系统包括:第一CE、第一PE和第二PE,所述第一CE通过所述第一PE和所述第二PE双归属连接EVPN,所述第一PE与所述第二PE之间建立以太链路,其中,In a third aspect, the embodiment of the present invention further provides a packet forwarding system, where the system includes: a first CE, a first PE, and a second PE, where the first CE passes the first PE and the first Two PEs are dual-homed to the EVPN, and an Ethernet link is established between the first PE and the second PE, where
所述第二PE,用于接收所述第一CE发送的报文,并通过所述以太链路将所述报文转发至所述第一PE;The second PE is configured to receive the packet sent by the first CE, and forward the packet to the first PE by using the Ethernet link;
所述第一PE,用于建立端口隔离组,通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的所述报文,并向所述第一PE中除所述端口隔离组以外的端口所连接的第二CE转发所述报文,所述端口隔离组包括所述以太链路中所述第一PE侧的端口、所述第一PE中连接所述第一CE的端口以及所述第一PE的网络侧端口。The first PE is configured to establish a port isolation group, and receive, by the port on the first PE side of the Ethernet link, the packet forwarded by the second PE, and remove the packet from the first PE. The second CE connected to the port other than the port isolation group forwards the packet, where the port isolation group includes the port on the first PE side of the Ethernet link, and the connection in the first PE a port of the first CE and a network side port of the first PE.
结合第三方面,在第一种可能的实现方式中,所述系统还包括远端PE,所述第一PE与所述第二PE具有相同的虚拟IP地址,所述系统还包括:With reference to the third aspect, in a first possible implementation, the system further includes a remote PE, where the first PE and the second PE have the same virtual IP address, and the system further includes:
所述第一PE,还用于向所述远端PE发布组播路由,所述组播路由的下一跳地址为所述虚拟IP地址;The first PE is further configured to advertise a multicast route to the remote PE, where a next hop address of the multicast route is the virtual IP address;
所述第二PE,还用于向所述远端PE发布所述组播路由,所述组播路由的下一跳地址为所述虚拟IP地址;The second PE is further configured to advertise the multicast route to the remote PE, where a next hop address of the multicast route is the virtual IP address;
所述第二PE接收远端PE发送的报文,并通过所述以太链路将所述报文转发至所述第一PE,包括:Receiving, by the second PE, the packet sent by the remote PE, and forwarding the packet to the first PE by using the Ethernet link, including:
所述第二PE接收远端PE根据所述组播路由转发的组播报文,并通过所述以太链路将所述组播报文发送至所述第一PE。The second PE receives the multicast packet forwarded by the remote PE according to the multicast route, and sends the multicast packet to the first PE by using the Ethernet link.
本发明实施例可通过在PE设备之间建立以太链路,并通过建立端口隔离组,使得PE在接收到通过该以太链路传输的数据报文时控制将该报 文转发至除该端口隔离组以外的端口所连接的CE,而不再向其他CE转发该报文,从而有效解决了CE通过PE双归属连接到EVPN时该PE在接收到报文并进行报文转发时在用户侧形成的流量回传问题,不需要再通过封装ESI标签来用于流量判断避免流量回传,通过本发明实施例的方案,无需更改当前硬件芯片设计,节约了成本。The embodiment of the present invention can control the report by establishing an Ethernet link between the PE devices and establishing a port isolation group, so that the PE receives the data packet transmitted through the Ethernet link. The packet is forwarded to the CE connected to the port other than the port isolation group, and the packet is not forwarded to other CEs. This ensures that the PE receives the packet and reports it when the CE is dual-homed to the EVPN. The traffic backhaul problem formed on the user side during the forwarding of the file does not need to be encapsulated by the ESI label for traffic judgment to avoid traffic backhaul. The solution of the embodiment of the present invention does not need to change the current hardware chip design, thereby saving cost.
附图说明DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any creative work.
图1是本发明实施例提供的一种报文转发的方法的流程示意图;1 is a schematic flowchart of a method for packet forwarding according to an embodiment of the present invention;
图2是本发明实施例提供的一种建立端口隔离组的方法的流程示意图;2 is a schematic flowchart of a method for establishing a port isolation group according to an embodiment of the present invention;
图3是本发明实施例提供的一种报文转发的方法的场景示意图;3 is a schematic diagram of a scenario of a packet forwarding method according to an embodiment of the present invention;
图4是本发明实施例提供的另一种报文转发的方法的场景示意图;4 is a schematic diagram of a scenario of another method for packet forwarding according to an embodiment of the present invention;
图5是本发明实施例提供的一种第一PE的结构示意图;FIG. 5 is a schematic structural diagram of a first PE according to an embodiment of the present disclosure;
图6是本发明实施例提供的另一种第一PE的结构示意图;FIG. 6 is a schematic structural diagram of another first PE according to an embodiment of the present disclosure;
图7是本发明实施例提供的一种网络设备的结构示意图;FIG. 7 is a schematic structural diagram of a network device according to an embodiment of the present disclosure;
图8是本发明实施例提供的又一种报文转发系统的结构示意图;FIG. 8 is a schematic structural diagram of still another packet forwarding system according to an embodiment of the present disclosure;
图9是本发明实施例提供的又一种报文转发系统的结构示意图。FIG. 9 is a schematic structural diagram of still another packet forwarding system according to an embodiment of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。 The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, but not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
需要说明的是,本发明实施例适用于第一CE通过第一PE和第二PE双归属连接EVPN的场景,该双归属连接的CE即第一CE与该第一PE、第二PE之间采用All-Active模式部署,即将该CE到第一PE、第二PE之间的链路捆绑成一个以太Trunk,从该CE到PE的某个给定VLAN流量,可通过该第一PE或第二PE进行转发。进一步的,所述第一PE与所述第二PE之间建立以太链路。It should be noted that the embodiment of the present invention is applicable to a scenario in which the first CE is dual-homed to the EPE through the first PE and the second PE, where the dual-homed CE is between the first CE and the first PE and the second PE. In the All-Active mode, the link between the CE and the first PE and the second PE is bundled into an Ethernet trunk. The traffic from the CE to the PE can pass through the first PE or the first PE. The second PE forwards. Further, an Ethernet link is established between the first PE and the second PE.
请参见图1,是本发明实施例提供的一种报文转发的方法的流程示意图,本发明实施例的所述方法具体可应用于所述第一PE中,具体的,所述方法包括:FIG. 1 is a schematic flowchart of a method for forwarding a packet according to an embodiment of the present invention. The method in the embodiment of the present invention is specifically applicable to the first PE. Specifically, the method includes:
S101:第一PE建立端口隔离组,该端口隔离组包括以太链路中所述第一PE侧的端口、所述第一PE中连接第一CE的端口以及所述第一PE的网络侧端口。S101: The first PE establishes a port isolation group, where the port isolation group includes a port on the first PE side of the Ethernet link, a port in the first PE that is connected to the first CE, and a network side port on the first PE. .
需要说明的是,现有的通过隧道传输数据报文需要对从CE侧接收的原始以太数据报文进行隧道封装,而本发明实施例相比于传统的通过隧道传输数据报文,在第一PE和第二PE之间通过该以太链路传输接收到的以太数据报文时则不需要对该报文进行隧道封装,从而可在一定程度上简化数据传输过程。It should be noted that the existing data packet transmitted through the tunnel needs to be encapsulated in the original Ethernet data packet received from the CE side, and the embodiment of the present invention is compared with the traditional data packet transmitted through the tunnel. When the Ethernet and the second PE transmit the received Ethernet data packet through the Ethernet link, the packet does not need to be encapsulated in the tunnel, so that the data transmission process can be simplified to some extent.
具体实施例中,在第一PE与第二PE之间通过以太链路建立连接之后,可对该以太链路中所述第一PE侧的端口即该以太链路与第一PE相连接的端口(后简称为以太链路端口)进行VLAN设置,将该以太链路端口加入到需要通过EVPN进行扩展的VLAN中,并为该VLAN建立端口隔离组。In a specific embodiment, after the connection between the first PE and the second PE is established through the Ethernet link, the port on the first PE side of the Ethernet link, that is, the Ethernet link is connected to the first PE. A port (hereafter referred to as an Ethernet link port) is used for VLAN configuration. The Ethernet link port is added to a VLAN that needs to be extended by EVPN, and a port isolation group is established for the VLAN.
进一步的,该以太链路端口的VLAN设置可在建立该以太链路时触发自动完成,即在将PE与CE连接的端口加入到需要扩展的VLAN中时,自动将该以太链路端口也加入到该VLAN中,或者通过手动配置将以太该链路端口加入到该VLAN中。其中,该需要扩展的VLAN可以有多个。Further, the VLAN setting of the Ethernet link port may be automatically completed when the Ethernet link is established, that is, when the port connecting the PE and the CE is added to the VLAN to be extended, the Ethernet link port is also automatically added. Go to the VLAN or add the Ethernet link to the VLAN by manual configuration. There may be multiple VLANs that need to be extended.
进一步的,若需要扩展的VLAN有多个,即该以太链路端口加入了多个VLAN,则可为该以太链路端口的每个VLAN建立一个端口隔离组。进一步的,在同一端口隔离组的端口均属于同一VLAN。Further, if there are multiple VLANs to be extended, that is, the Ethernet link port is added to multiple VLANs, a port isolation group may be established for each VLAN of the Ethernet link port. Further, the ports in the same port isolation group belong to the same VLAN.
S102:所述第一PE通过所述以太链路中所述第一PE侧的端口接收 所述第二PE转发的报文。S102: The first PE receives the port on the first PE side in the Ethernet link. The packet forwarded by the second PE.
具体实施例中,该第二PE转发的报文包括与第二PE连接的CE向该第二PE发送的报文或远端PE向该第二PE转发的报文。In a specific embodiment, the packet forwarded by the second PE includes a packet sent by the CE connected to the second PE to the second PE or a packet forwarded by the remote PE to the second PE.
目前远端PE在接收到本地CE发送的报文并对第一PE和第二PE进行报文转发时,由于按照EVPN协议的定义,第一PE和第二PE在向外发送组播路由时携带的是各自的IP地址作为下一跳地址,这样远端PE在接收到组播路由后,对于同一个广播域会认为该第一PE和第二PE是组播头端复制列表中两个不同的下一跳,在进行组播复制时会分别向该第一PE和第二PE复制和发送报文,则可能出现在接入侧CE收到双份流量导致流量重复的问题。When the remote PE receives the packet sent by the local CE and forwards the packet to the first PE and the second PE, the first PE and the second PE send the multicast route when the packet is forwarded according to the definition of the EVPN protocol. Carrying the respective IP addresses as the next hop addresses, so that after receiving the multicast route, the remote PE considers that the first PE and the second PE are two in the multicast headend replication list for the same broadcast domain. Different multicast packets are duplicated and sent to the first PE and the second PE during the multicast replication. The problem occurs when the access side CE receives double traffic and the traffic is duplicated.
进一步的,为解决上述流量重复问题,可为该第一PE预先配置虚拟互联网协议(Internet Protocol,IP)地址,且所述第一PE与所述第二PE具有相同的虚拟IP地址,该第一PE向远端PE发布组播路由时,所述组播路由的下一跳地址即为所述虚拟IP地址,且所述第二PE向所述远端PE发布的所述组播路由的下一跳地址也为所述虚拟IP地址,使得远端PE接收到第一PE和第二PE发送的相同下一跳地址时仅向该相同的下一跳地址仅复制一份组播报文,即将该组播报文转发至所述第一PE或所述第二PE,从而避免了接入侧CE收到双份流量导致流量重复的问题。本发明实施例以远端PE将该报文转发至第二PE为例进行说明,并由第二PE通过以太链路将所述组播报文转发至第一PE。Further, in order to solve the above problem of the traffic repetition, a virtual Internet Protocol (IP) address may be pre-configured for the first PE, and the first PE and the second PE have the same virtual IP address, the first When a PE advertises a multicast route to the remote PE, the next hop address of the multicast route is the virtual IP address, and the multicast route advertised by the second PE to the remote PE The next hop address is also the virtual IP address, so that the remote PE only copies one multicast packet to the same next hop address when receiving the same next hop address sent by the first PE and the second PE. The multicast packet is forwarded to the first PE or the second PE, thereby avoiding the problem that the access side CE receives double traffic and causes traffic to be duplicated. In the embodiment of the present invention, the remote PE forwards the packet to the second PE as an example, and the second PE forwards the multicast packet to the first PE through the Ethernet link.
可选地,该第一PE通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文可以是:接收所述第二PE通过所述以太链路转发的第一组播报文,所述第一组播报文为所述远端PE根据所述组播路由向所述第二PE发送的报文。Optionally, the receiving, by the first PE, the packet forwarded by the second PE by using the port on the first PE side of the Ethernet link may be: receiving, by the second PE, forwarding by using the Ethernet link. The first multicast packet is the packet sent by the remote PE to the second PE according to the multicast route.
可选地,该第一PE通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文还可以是:接收所述第二PE通过所述以太链路转发的第二组播报文,所述第二组播报文为与所述第二PE连接的CE向所述第二PE发送的报文。Optionally, the receiving, by the first PE, the packet that is forwarded by the second PE by using the port on the first PE side of the Ethernet link may be: receiving, by the second PE, forwarding by using the Ethernet link. The second multicast packet is a packet sent by the CE connected to the second PE to the second PE.
S103:所述第一PE向所述第一PE中除所述端口隔离组以外的端口 所连接的第二CE转发所述报文。S103: The first PE sends a port other than the port isolation group to the first PE. The connected second CE forwards the message.
具体实施例中,若该第一PE接收到第二PE通过该以太链路发送的数据报文,则可将所述报文仅转发至除所述端口隔离组以外的端口所连接的第二CE。具体的,比如当前第一CE到PE的报文确定通过该第二PE进行转发,并由该第二PE通过以太链路将所述报文转发至第一PE,则第一PE仅向当前端口隔离组以外的端口所连接的CE即第二CE转发该报文,而不向该端口隔离组中的第一CE及网络侧转发该报文,使得与第一PE及第二PE相连接的第一CE仅接收到一份该报文,避免接收到多份相同报文而造成的流量出现回传的问题。In a specific embodiment, if the first PE receives the data packet sent by the second PE through the Ethernet link, the packet may be forwarded only to the second port connected to the port other than the port isolation group. CE. Specifically, for example, the first CE to the PE is determined to be forwarded by the second PE, and the second PE forwards the packet to the first PE through the Ethernet link, and the first PE only forwards the current PE to the current PE. The CE connected to the port other than the port isolation group forwards the packet, and does not forward the packet to the first CE and the network side of the port isolation group, so that the first PE and the second PE are connected. The first CE receives only one packet, avoiding the problem of traffic return caused by receiving multiple identical packets.
实施本发明实施例可通过在PE设备之间建立以太链路,并通过建立端口隔离组,使得PE在接收到通过该以太链路传输的数据报文时控制将该报文转发至除该端口隔离组以外的端口所连接的CE,而不再向其他CE转发该报文,从而有效解决了CE通过PE双归属连接到EVPN时该PE在接收到报文并进行报文转发时在用户侧形成的流量回传问题,不需要再通过封装ESI标签来用于流量判断避免流量回传,通过本发明实施例的方案,无需更改当前硬件芯片设计,节约了成本。The embodiment of the present invention can control the forwarding of the packet to the port except that the Ethernet link is established between the PE devices and the port isolation group is established, so that the PE receives the data packet transmitted through the Ethernet link. The CE connected to the port other than the isolation group does not forward the packet to other CEs. This prevents the PE from receiving the packet and forwarding the packet when the CE is dual-homed to the EVPN. The formed traffic backhaul problem does not need to be encapsulated by the ESI label for traffic judgment to avoid traffic backhaul. The solution of the embodiment of the present invention does not need to change the current hardware chip design, thereby saving cost.
请参见图2,是本发明实施例提供的一种建立端口隔离组的方法的流程示意图,具体的,所述方法包括:2 is a schematic flowchart of a method for establishing a port isolation group according to an embodiment of the present invention. Specifically, the method includes:
S201:第一PE分别检测本地端口中各端口的以太网段标识ESI是否为有效值。S201: The first PE detects whether the Ethernet segment identifier ESI of each port in the local port is a valid value.
其中,所述本地端口为所述第一PE中连接有CE的端口,该连接的CE包括第一CE和第二CE。The local port is a port in which the CE is connected to the first PE, and the connected CE includes a first CE and a second CE.
具体实施例中,第一PE在为以太链路端口所在的VLAN建立端口隔离组时,可通过分别检测当前PE的各本地端口对应的以太网段标识(Ethernet Segment Identifier,ESI)是否为有效值,来确定是否将该本地端口加入至该端口隔离组中。In a specific embodiment, when the first PE establishes a port isolation group for the VLAN where the Ethernet link port is located, it can detect whether the Ethernet segment identifier (ESI) corresponding to each local port of the current PE is a valid value. To determine if the local port is added to the port isolation group.
S202:所述第一PE将所述本地端口中所述ESI为有效值的端口作为所述第一PE中连接第一CE的端口加入到端口隔离组中。S202: The first PE adds the port with the ESI as the valid value in the local port as the port connected to the first CE in the first PE to the port isolation group.
具体的,若检测到当前本地端口对应的ESI为有效值,则可表示与该 本地端口连接的CE通过该第一PE和第二PE双归属连接到当前EVPN,即该CE为第一CE,则可将该本地端口加入到该端口隔离组中。Specifically, if it is detected that the ESI corresponding to the current local port is a valid value, the The CE connected to the local port is connected to the current EVPN through the dual-homing of the first PE and the second PE. If the CE is the first CE, the local port can be added to the port isolation group.
进一步的,若所述第一PE检测到所述端口隔离组中所述第一CE由双归属连接所述EVPN变为单归属连接所述EVPN,则将所述第一PE中连接所述第一CE的端口从所述隔离组中删除。具体的,该CE单归属连接所述EVPN可表示该CE通过第一PE或第二PE连接该EVPN,即该CE与第二PE或第一PE之间的链路Down,则可将该第一PE中连接所述第一CE的端口从端口隔离组中删除。Further, if the first PE detects that the first CE in the port isolation group is dual-homed to the EVPN, the first PE is connected to the first PE. The port of a CE is deleted from the isolation group. Specifically, the CE single-homing connection to the EVPN may indicate that the CE is connected to the EVPN through the first PE or the second PE, that is, the link between the CE and the second PE or the first PE is Down, and the The port connecting the first CE in a PE is deleted from the port isolation group.
S203:所述第一PE将以太链路中所述第一PE侧的端口以及所述第一PE中的网络侧端口加入到所述端口隔离组中。S203: The first PE adds the port on the first PE side and the network side port in the first PE in the Ethernet link to the port isolation group.
进一步的,该建立的端口隔离组还包括第一PE与所述以太链路相连接的端口即以太链路端口,以及该PE中与远端PE进行信息交互的网络侧端口。Further, the established port isolation group further includes a port that is connected to the Ethernet link by the first PE, that is, an Ethernet link port, and a network side port in the PE that exchanges information with the remote PE.
实施本发明实施例可通过获取本地端口中检测到的ESI为有效值的端口、以太链路端口以及网络侧端口,来建立端口隔离组,以便于PE在接收到通过该以太链路传输的数据报文时控制将该报文转发至除该端口隔离组以外的端口所连接的CE,从而在不更改设备硬件的前提下有效解决了PE在进行报文转发时在用户侧形成的流量回传问题。The embodiment of the present invention can establish a port isolation group by acquiring a port, an Ethernet link port, and a network side port, where the ESI is a valid value detected in the local port, so that the PE receives the data transmitted through the Ethernet link. The packet is controlled to forward the packet to the CE connected to the port other than the port isolation group, so that the traffic backhaul formed on the user side when the PE forwards the packet is effectively solved without changing the hardware of the device. problem.
请参见图3,是本发明实施例提供的一种报文转发方法的场景示意图,在本发明实施例的所述方法中,该PE1可参照图1至图2对应实施例中的第二PE的相关描述,该PE2可参照图1至图2对应实施例中的第一PE的相关描述。具体的,如图3所示,CE1连接到PE1(即CE1单归属连接当前EVPN),CE2双归连接到PE1和PE2(即CE2通过PE1和PE2双归属连接EVPN),CE3连接到PE2,CE4连接到PE3,该双归CE2与PE1、PE2之间采用All-Active模式部署,即将该CE2与PE1、PE2之间的链路捆绑成一个以太Trunk。其中,各CE所连接的站点都属于同一EVPN。该双归CE2即为上述的第一CE。FIG. 3 is a schematic diagram of a scenario of a packet forwarding method according to an embodiment of the present invention. In the method of the embodiment of the present invention, the PE1 may refer to the second PE in the corresponding embodiment of FIG. 1 to FIG. For related descriptions, the PE2 can refer to the related description of the first PE in the corresponding embodiment of FIG. 1 to FIG. 2. Specifically, as shown in Figure 3, CE1 is connected to PE1 (that is, CE1 is directly connected to the current EVPN), and CE2 is dual-homed to PE1 and PE2 (that is, CE2 is connected to EVPN through PE1 and PE2), and CE3 is connected to PE2 and CE4. Connected to PE3, the dual-homed CE2 and PE1 and PE2 are deployed in the All-Active mode. The link between CE2 and PE1 and PE2 is bundled into an Ethernet trunk. The sites connected to each CE belong to the same EVPN. The double return CE2 is the first CE described above.
举例来说,比如PE1站点中需要扩展的VLAN包含Vlan10和Vlan20,则将PE1和PE2上的端口GE0/0/0、GE0/0/1都加入到Vlan10和Vlan20, PE1与PE2之间通过PE1上的端口GE0/0/2和PE2上的GE0/0/2建立以太链路,进一步的,在PE1和PE2上分别将端口GE0/0/2加入到Vlan10和Vlan20中。For example, if the VLANs to be extended in the PE1 site include Vlan10 and Vlan20, the ports GE0/0/0 and GE0/0/1 on PE1 and PE2 are added to Vlan10 and Vlan20. The PE1 and PE2 are connected to each other through GE0/0/2 on PE1 and GE0/0/2 on PE2. Further, GE0/0/2 is added to Vlan10 and Vlan20 on PE1 and PE2. in.
进一步的,可为Vlan10和Vlan20分别建立端口隔离组。例如对于PE2,即第一PE,为Vlan10建立端口隔离组,隔离组成员端口包括GE0/0/1、GE0/0/2、GE0/0/3。其中,端口GE0/0/2为该以太链路中第一PE侧的端口即以太链路端口,端口GE0/0/1为该第一PE中连接第一CE的端口,端口GE0/0/3为网络侧端口。假如第二PE即PE1从本地端口GE0/0/0中的Vlan10接收到BUM报文,PE1会将报文同时转发给本地端口GE0/0/1、以太链路端口GE0/0/2以及网络侧GE0/0/3。从端口GE0/0/2上转发的BUM报文经以太链路到达PE2,PE2从端口GE0/0/2中的Vlan10接收到BUM报文后,则不会向PE2上Vlan10对应的端口隔离组中的成员端口GE0/0/1和GE0/0/3转发,只会向本地端口GE0/0/0转发,即会禁止将该报文再通过GE0/0/1转发至CE2,从而避免了流量回传问题。Further, a port isolation group can be established for Vlan10 and Vlan20 respectively. For example, PE2, that is, the first PE, establishes a port isolation group for Vlan10. The member ports of the isolation group include GE0/0/1, GE0/0/2, and GE0/0/3. The port GE0/0/2 is the port on the first PE side of the Ethernet link, that is, the Ethernet link port. The port GE0/0/1 is the port connected to the first CE in the first PE, and the port GE0/0/ 3 is the network side port. If the second PE, PE1, receives the BUM packet from the local port GE0/0/0, the PE1 forwards the packet to the local port GE0/0/1, the Ethernet link port GE0/0/2, and the network. Side GE0/0/3. The BUM packet sent from the port GE0/0/2 is sent to the PE2 through the Ethernet link. After receiving the BUM packet from the Vlan10 in the GE0/0/2 port, the PE2 does not isolate the port from the port corresponding to Vlan10 on PE2. The member ports GE0/0/1 and GE0/0/3 are forwarded only to the local port GE0/0/0. This prevents the packets from being forwarded to CE2 through GE0/0/1. Traffic back issue.
进一步的,当CE2由双归属连接所述EVPN变为单归属连接所述EVPN,比如CE2与PE1之间的链路Down时,可将该端口GE0/0/1从Vlan10和Vlan20对应的端口隔离组中删除,则PE2从以太链路端口GE0/0/2接收的BUM报文能正常向端口GE0/0/1转发。对于Vlan20作类似处理,本发明实施例不再赘述。Further, when the CE2 is dual-homed to the EVPN, the EVPN is connected to the EVPN. For example, when the link between CE2 and PE1 is Down, the port GE0/0/1 can be isolated from the ports corresponding to Vlan10 and Vlan20. If the group is deleted, the BUM packets received by PE2 from Ethernet interface port GE0/0/2 can be forwarded to GE0/0/1. For the similar processing of the Vlan 20, the embodiment of the present invention will not be described again.
实施本发明实施例可通过在PE设备之间建立无需对数据报文进行隧道封装的以太链路,并在接收到通过该以太链路传输的数据报文时控制将该报文转发至除建立的端口隔离组以外的端口所连接的CE,从而有效解决了CE通过PE双归属连接到EVPN时该PE在接收到报文并进行报文转发时在用户侧形成的流量回传问题。The embodiment of the present invention can establish an Ethernet link that does not need to encapsulate the data packet between the PE devices, and control the forwarding of the packet to the establishment after receiving the data packet transmitted through the Ethernet link. The CE connected to the port other than the port isolation group effectively solves the problem of traffic returning on the user side when the PE receives the packet and forwards the packet when the CE is dual-homed to the EVPN.
进一步的,请参见图4,是本发明实施例提供的另一种报文转发方法的场景示意图,具体的,如图4所示,本发明实施例的所述系统中,CE1连接到PE1,CE2双归连接到PE1和PE2,CE3连接到PE2,CE4连接到PE3,该CE2与PE1、PE2之间采用All-Active模式部署,即将该CE2与PE1、PE2之间的链路捆绑成一个以太Trunk。其中,CE1、CE2、CE3和 CE4所连接的站点属于同一EVPN。Further, please refer to FIG. 4, which is a schematic diagram of another packet forwarding method according to an embodiment of the present invention. Specifically, as shown in FIG. 4, in the system of the embodiment of the present invention, CE1 is connected to PE1. CE2 is dual-homed to PE1 and PE2, CE3 is connected to PE2, and CE4 is connected to PE3. The CE2 is deployed in the All-Active mode between PE2 and PE2. The link between CE2 and PE1 and PE2 is bundled into one Ethernet. Trunk. Among them, CE1, CE2, CE3 and The sites connected to CE4 belong to the same EVPN.
按照EVPN协议的定义,PE1和PE2在向外发送组播路由时携带的是各自的IP地址作为下一跳地址,这样远端PE即PE3接收到组播路由报文后,对于同一个广播域会认为PE1和PE2是组播头端复制列表中两个不同的下一跳,在进行组播复制时需要分别向该PE1和PE2复制和发送报文,则可能出现在接入侧CE站点收到双份流量的问题。According to the definition of the EVPN protocol, PE1 and PE2 carry the multicast routes to each other with their respective IP addresses as the next hop address, so that the remote PE, that is, PE3, after receiving the multicast routing message, is the same broadcast domain. It is considered that PE1 and PE2 are two different next hops in the multicast headend replication list. When multicast replication is performed, the packets are copied and sent to the PE1 and PE2 respectively. The problem of double traffic.
举例来说,若PE3从CE4接收到的BUM报文,会同时复制和转发给PE1和PE2,PE1从网络侧接收到PE3发送的BUM报文后,会将报文从以太链路发送给PE2,PE2从该以太链路接收到BUM报文后向本地站点CE3转发。同时,PE2也会从网络侧接收到PE3发送的BUM报文,并将报文向本地站点CE3转发,从而造成CE3接收到双份BUM报文。相应地,对于CE1也存在类似的问题,在此不再赘述。For example, if the BUM packet received by the PE3 from the CE4 is copied and forwarded to the PE1 and the PE2, the PE1 will send the packet from the Ethernet link to the PE2 after receiving the BUM packet from the PE3. After receiving the BUM packet from the Ethernet link, PE2 forwards the packet to the local station CE3. At the same time, PE2 also receives the BUM packet sent by the PE3 from the network side, and forwards the packet to the local station CE3, so that CE3 receives the double BUM packet. Correspondingly, similar problems exist for CE1 and will not be described here.
为此,本发明实施例可通过为PE1和PE2设置相同的虚拟IP地址如1.1.1.1作为组播路由下一跳地址,并再发布组播路由时将该下一跳地址发送至远端PE即PE3。PE3在收到组播路由后,将1.1.1.1加入对应组播的头端复制列表,PE3在向网络侧发送BUM报文时,对于PE1和PE2,只会向1.1.1.1复制一份BUM报文发送,由中间节点P完成到PE1和PE2的转发,这样PE3发出的BUM报文,PE1和PE2只有其中一个会收到。假如由PE1收到,向端口GE0/0/0、GE0/0/1和GE0/0/2转发,PE2从端口GE0/0/2接收到报文后向CE3转发,从而避免了CE3接收到双份BUM流量的问题。同时也解决了CE1上存在的流量重复问题。具体的,该报文到PE1和PE2的转发方式可以是使用负载分担或主备方式,本发明实施例不作限定。To this end, the embodiment of the present invention can set the same virtual IP address, such as 1.1.1.1, as the next hop address of the multicast route, and then send the next hop address to the remote PE. That is, PE3. After receiving the multicast route, PE3 adds 1.1.1.1 to the headend replication list of the corresponding multicast. When PE3 sends a BUM packet to the network, only one BUM report is copied to 1.1.1.1 for PE1 and PE2. The text is sent, and the intermediate node P completes the forwarding to PE1 and PE2. Therefore, only one of PE1 and PE2 will receive the BUM message sent by PE3. If the packet is received by PE1, it is forwarded to GE0/0/0, GE0/0/1, and GE0/0/2. After receiving the packet, PE2 forwards the packet to CE3, thus avoiding CE3 receiving. The problem of double BUM traffic. At the same time, it also solves the problem of traffic duplication on CE1. Specifically, the forwarding mode of the packet to the PE1 and the PE2 may be the load balancing mode or the active/standby mode, which is not limited in the embodiment of the present invention.
实施本发明实施例可通过在PE设备之间建立以太链路,并通过建立端口隔离组,使得PE在接收到通过该以太链路传输的数据报文时控制将该报文转发至除该端口隔离组以外的端口所连接的CE,而不再向其他CE转发该报文,从而有效解决了CE通过PE双归属连接到EVPN时该PE在接收到报文并进行报文转发时在用户侧形成的流量回传问题,不需要再通过封装ESI标签来用于流量判断避免流量回传,通过本发明实施例的方案, 无需更改当前硬件芯片设计,节约了成本。The embodiment of the present invention can control the forwarding of the packet to the port except that the Ethernet link is established between the PE devices and the port isolation group is established, so that the PE receives the data packet transmitted through the Ethernet link. The CE connected to the port other than the isolation group does not forward the packet to other CEs. This prevents the PE from receiving the packet and forwarding the packet when the CE is dual-homed to the EVPN. The formed traffic backhaul problem does not need to be encapsulated by the ESI label for traffic judgment to avoid traffic backhaul, by using the solution of the embodiment of the present invention, No need to change the current hardware chip design, saving costs.
请参见图5,是本发明实施例提供的一种第一PE的结构示意图,具体的,所述第一PE包括:建立单元11、接收单元12以及转发单元13。其中,FIG. 5 is a schematic structural diagram of a first PE according to an embodiment of the present invention. Specifically, the first PE includes: an establishing unit 11, a receiving unit 12, and a forwarding unit 13. among them,
所述建立单元11,用于建立端口隔离组。The establishing unit 11 is configured to establish a port isolation group.
具体实施例中,该第一PE与第二PE之间建立以太链路,所述端口隔离组包括所述以太链路中所述第一PE侧的端口、所述第一PE中连接第一CE的端口以及所述第一PE的网络侧端口,所述第一CE为通过所述第一PE和所述第二PE双归属连接当前EVPN的CE。In a specific embodiment, an Ethernet link is established between the first PE and the second PE, and the port isolation group includes a port on the first PE side of the Ethernet link, and a first connection in the first PE. The port of the CE and the network side port of the first PE, the first CE is a CE that connects the current EVPN through the first PE and the second PE.
需要说明的是,通过该以太链路传输接收到的以太数据报文时无需对该报文进行隧道封装。It should be noted that when the received Ethernet data packet is transmitted through the Ethernet link, the packet does not need to be encapsulated.
所述接收单元12,用于通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文。The receiving unit 12 is configured to receive, by using the port on the first PE side of the Ethernet link, a packet forwarded by the second PE.
具体实施例中,该第二PE转发的报文包括CE向该第二PE发送的报文或远端PE向该第二PE发送的报文。In a specific embodiment, the packet forwarded by the second PE includes a packet sent by the CE to the second PE or a packet sent by the remote PE to the second PE.
所述转发单元13,用于向所述第一PE中除所述端口隔离组以外的端口所连接的第二CE转发所述接收单元12接收的所述报文。The forwarding unit 13 is configured to forward the packet received by the receiving unit 12 to a second CE connected to a port other than the port isolation group in the first PE.
具体实施例中,若接收单元12接收到第二PE通过该以太链路发送的数据报文,则可通过转发单元13将所述报文仅转发至除所述端口隔离组以外的端口所连接的CE即第二CE。具体的,比如当前第一CE到PE的报文确定通过该第二PE进行转发,并由该第二PE通过以太链路将所述报文转发至第一PE,则转发单元13仅向当前端口隔离组以外的端口所连接的第二CE转发该报文,而不向与该第一PE连接的第一CE以及网络侧转发该报文。In a specific embodiment, if the receiving unit 12 receives the data packet sent by the second PE through the Ethernet link, the forwarding unit 13 may forward the packet to only the port other than the port isolation group. The CE is the second CE. Specifically, for example, the current CE to PE packet is determined to be forwarded by the second PE, and the second PE forwards the packet to the first PE through the Ethernet link, and the forwarding unit 13 only forwards the current packet to the current PE. The second CE connected to the port other than the port isolation group forwards the packet, and does not forward the packet to the first CE and the network side connected to the first PE.
实施本发明实施例可通过在PE设备之间建立无需对数据报文进行隧道封装的以太链路,并在接收到通过该以太链路传输的数据报文时控制将该报文转发至除建立的端口隔离组以外的端口所连接的CE,从而有效解决了CE通过PE双归属连接到EVPN时该PE在接收到报文并进行报文转发时在用户侧形成的流量回传问题。 The embodiment of the present invention can establish an Ethernet link that does not need to encapsulate the data packet between the PE devices, and control the forwarding of the packet to the establishment after receiving the data packet transmitted through the Ethernet link. The CE connected to the port other than the port isolation group effectively solves the problem of traffic returning on the user side when the PE receives the packet and forwards the packet when the CE is dual-homed to the EVPN.
请参见图6,是本发明实施例提供的另一种第一PE的结构示意图,具体的,所述第一PE包括建立单元11、接收单元12以及转发单元13,其中,FIG. 6 is a schematic structural diagram of another first PE according to an embodiment of the present invention. Specifically, the first PE includes an establishing unit 11, a receiving unit 12, and a forwarding unit 13, where
所述建立单元11,用于建立端口隔离组。The establishing unit 11 is configured to establish a port isolation group.
具体实施例中,该第一PE与第二PE之间建立以太链路,所述端口隔离组包括所述以太链路中所述第一PE侧的端口、所述第一PE中连接第一CE的端口以及所述第一PE的网络侧端口,所述第一CE为通过所述第一PE和所述第二PE双归属连接当前EVPN的CE。In a specific embodiment, an Ethernet link is established between the first PE and the second PE, and the port isolation group includes a port on the first PE side of the Ethernet link, and a first connection in the first PE. The port of the CE and the network side port of the first PE, the first CE is a CE that connects the current EVPN through the first PE and the second PE.
需要说明的是,通过该以太链路传输接收到的以太数据报文时无需对该报文进行隧道封装。It should be noted that when the received Ethernet data packet is transmitted through the Ethernet link, the packet does not need to be encapsulated.
所述接收单元12,用于通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文。The receiving unit 12 is configured to receive, by using the port on the first PE side of the Ethernet link, a packet forwarded by the second PE.
具体实施例中,该第二PE转发的报文包括CE向该第二PE发送的报文或远端PE向该第二PE发送的报文。In a specific embodiment, the packet forwarded by the second PE includes a packet sent by the CE to the second PE or a packet sent by the remote PE to the second PE.
所述转发单元13,用于向所述第一PE中除所述端口隔离组以外的端口所连接的第二CE转发所述接收单元12接收的所述报文。The forwarding unit 13 is configured to forward the packet received by the receiving unit 12 to a second CE connected to a port other than the port isolation group in the first PE.
具体实施例中,若接收单元12接收到第二PE通过该以太链路发送的数据报文,则可通过转发单元13将所述报文仅转发至除所述端口隔离组以外的端口所连接的CE即第二CE。具体的,比如当前第一CE到PE的报文确定通过该第二PE进行转发,并由该第二PE通过以太链路将所述报文转发至第一PE,则转发单元13仅向当前端口隔离组以外的端口所连接的第二CE转发该报文,而不向与该第一PE连接的第一CE以及网络侧转发该报文。In a specific embodiment, if the receiving unit 12 receives the data packet sent by the second PE through the Ethernet link, the forwarding unit 13 may forward the packet to only the port other than the port isolation group. The CE is the second CE. Specifically, for example, the current CE to PE packet is determined to be forwarded by the second PE, and the second PE forwards the packet to the first PE through the Ethernet link, and the forwarding unit 13 only forwards the current packet to the current PE. The second CE connected to the port other than the port isolation group forwards the packet, and does not forward the packet to the first CE and the network side connected to the first PE.
进一步的,在本发明实施例中,所述建立单元11可包括:Further, in the embodiment of the present invention, the establishing unit 11 may include:
检测子单元111,用于分别检测本地端口中各端口的以太网段标识ESI是否为有效值。The detecting sub-unit 111 is configured to detect whether the Ethernet segment identifier ESI of each port in the local port is a valid value.
其中,所述本地端口为所述第一PE中连接有CE的端口,该连接的CE包括第一CE和第二CE。The local port is a port in which the CE is connected to the first PE, and the connected CE includes a first CE and a second CE.
具体实施例中,建立单元11在建立端口隔离组时,可通过检测子单 元111分别检测当前PE的各本地端口对应的ESI是否为有效值,来确定是否将该本地端口加入至该端口隔离组中。In a specific embodiment, the establishing unit 11 can detect the sub-list when establishing the port isolation group. The element 111 detects whether the ESI corresponding to each local port of the current PE is a valid value, and determines whether the local port is added to the port isolation group.
控制子单元112,用于将所述本地端口中所述ESI为有效值的端口作为所述第一PE中连接所述第一CE的端口加入到端口隔离组中。The control sub-unit 112 is configured to add, as the port of the first PE, the port connected to the first CE to the port isolation group.
具体的,若检测子单元111检测到当前本地端口对应的ESI为有效值,则可表示与该本地端口连接的CE通过该第一PE和第二PE双归属连接到当前EVPN,即该CE为第一CE,则可通过控制子单元112将该本地端口加入到该端口隔离组中。Specifically, if the detecting sub-unit 111 detects that the ESI corresponding to the current local port is a valid value, it may indicate that the CE connected to the local port is dual-homed to the current EVPN through the first PE and the second PE, that is, the CE is The first CE may be added to the port isolation group by the control sub-unit 112.
所述控制子单元112,还用于将所述以太链路中所述第一PE侧的端口以及所述第一PE中的网络侧端口加入到所述端口隔离组中。The control sub-unit 112 is further configured to add the port on the first PE side and the network side port in the first PE in the Ethernet link to the port isolation group.
进一步的,该建立的端口隔离组还包括第一PE与所述以太链路相连接的端口即以太链路端口以及该PE中与远端PE进行信息交互的网络侧端口。Further, the established port isolation group further includes a port that is connected to the Ethernet link by the first PE, that is, an Ethernet link port, and a network side port in the PE that exchanges information with the remote PE.
进一步的,在本发明实施例中,所述第一PE还可以包括:Further, in the embodiment of the present invention, the first PE may further include:
删除单元14,用于若检测到所述端口隔离组中所述第一CE由双归属连接所述EVPN变为单归属连接所述EVPN,则将所述第一PE中连接所述第一CE的端口从所述隔离组中删除。The deleting unit 14 is configured to connect the first CE to the first CE if the first CE in the port isolation group is configured to be dual-homed to the EVPN by the dual-homed connection. The port is removed from the isolation group.
进一步的,在本发明实施例中,所述第一PE与所述第二PE具有相同的虚拟IP地址,所述第一PE还包括:Further, in the embodiment of the present invention, the first PE and the second PE have the same virtual IP address, and the first PE further includes:
发送单元15,用于向远端PE发布组播路由,所述组播路由的下一跳地址为所述虚拟IP地址。The sending unit 15 is configured to advertise a multicast route to the remote PE, where the next hop address of the multicast route is the virtual IP address.
具体的,该第一PE通过发送单元15向远端PE发送相同的虚拟IP地址作为下一跳地址,且第二PE向远端PE发布的组播路由的下一跳地址也为该虚拟IP地址,以使远端PE向该相同的下一跳地址仅复制一份组播报文,使得与第一PE或第二PE相连接的CE仅接收到一份该报文,避免接收到多份相同报文而造成的流量重复的问题。Specifically, the first PE sends the same virtual IP address to the remote PE as the next hop address by the sending unit 15, and the next hop address of the multicast route advertised by the second PE to the remote PE is also the virtual IP address. The address is such that the remote PE only copies one multicast packet to the same next hop address, so that the CE connected to the first PE or the second PE receives only one packet, avoiding receiving more packets. The problem of duplicate traffic caused by the same message.
可选地,所述接收单元12可具体用于:Optionally, the receiving unit 12 is specifically configured to:
接收所述第二PE通过所述以太链路转发的第一组播报文,所述第一组播报文为所述远端PE根据所述组播路由向所述第二PE发送的报文。 Receiving, by the second PE, the first multicast packet that is forwarded by the Ethernet link, where the first multicast packet is sent by the remote PE to the second PE according to the multicast route. Text.
可选地,所述接收单元12还可具体用于:Optionally, the receiving unit 12 is further configured to:
接收所述第二PE通过所述以太链路转发的第二组播报文,所述第二组播报文为与所述第二PE连接的CE向所述第二PE发送的报文。And receiving, by the second PE, a second multicast packet that is forwarded by the Ethernet link, where the second multicast packet is a packet that is sent by the CE that is connected to the second PE to the second PE.
具体的,本发明实施例的第一PE可具体参照图1至图4对应实施例中第一PE的相关描述。Specifically, the first PE of the embodiment of the present invention may refer to the related description of the first PE in the corresponding embodiment of FIG. 1 to FIG. 4 .
实施本发明实施例可通过在PE设备之间建立以太链路,并通过建立端口隔离组,使得PE在接收到通过该以太链路传输的数据报文时控制将该报文转发至除该端口隔离组以外的端口所连接的CE,而不再向其他CE转发该报文,从而有效解决了CE通过PE双归属连接到EVPN时该PE在接收到报文并进行报文转发时在用户侧形成的流量回传问题,不需要再通过封装ESI标签来用于流量判断避免流量回传,通过本发明实施例的方案,无需更改当前硬件芯片设计,节约了成本。The embodiment of the present invention can control the forwarding of the packet to the port except that the Ethernet link is established between the PE devices and the port isolation group is established, so that the PE receives the data packet transmitted through the Ethernet link. The CE connected to the port other than the isolation group does not forward the packet to other CEs. This prevents the PE from receiving the packet and forwarding the packet when the CE is dual-homed to the EVPN. The formed traffic backhaul problem does not need to be encapsulated by the ESI label for traffic judgment to avoid traffic backhaul. The solution of the embodiment of the present invention does not need to change the current hardware chip design, thereby saving cost.
进一步的,请参见图7,是本发明实施例提供的一种网络设备的结构组成示意图,本发明实施例的网络设备包括:接收器300、发射器400、存储器200和处理器100,所述存储器200可以是高速RAM存储器,也可以是非不稳定的存储器(non-volatile memory),例如至少一个磁盘存储器。作为一种计算机存储介质的存储器200中存储相应的应用程序等。所述接收器300、发射器400、存储器200以及处理器100之间可以通过总线进行数据连接,也可以通过其他方式数据连接。本实施例中以总线连接进行说明。具体的,本发明实施例的所述网络设备可对应于第一PE,适用于第一CE通过所述第一PE和第二PE双归属连接EVPN的场景,所述第一PE与所述第二PE之间建立以太链路,该第一PE可进一步参照图5或图6对应实施例中的第一PE的相关描述。Further, please refer to FIG. 7 , which is a schematic structural diagram of a network device according to an embodiment of the present invention. The network device in the embodiment of the present invention includes: a receiver 300, a transmitter 400, a memory 200, and a processor 100. The memory 200 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory. A corresponding application or the like is stored in the memory 200 as a computer storage medium. The receiver 300, the transmitter 400, the memory 200, and the processor 100 may be connected to each other through a bus, or may be connected by other means. In the present embodiment, a bus connection will be described. Specifically, the network device in the embodiment of the present invention may be corresponding to the first PE, and is applicable to a scenario in which the first CE is dual-homed to the EVPN through the first PE and the second PE, where the first PE and the first An Ethernet link is established between the two PEs. The first PE may further refer to the related description of the first PE in the corresponding embodiment of FIG. 5 or FIG. 6.
其中,所述处理器100执行如下步骤:The processor 100 performs the following steps:
建立端口隔离组,所述端口隔离组包括所述以太链路中所述第一PE侧的端口、所述第一PE中连接所述第一CE的端口以及所述第一PE的网络侧端口;Establishing a port isolation group, where the port isolation group includes a port on the first PE side of the Ethernet link, a port in the first PE that is connected to the first CE, and a network side port on the first PE. ;
通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文; Receiving, by the port on the first PE side of the Ethernet link, the packet forwarded by the second PE;
向所述第一PE中除所述端口隔离组以外的端口所连接的第二CE转发所述报文。Transmitting the packet to the second CE connected to the port of the first PE except the port isolation group.
可选地,所述处理器100在执行建立端口隔离组,具体执行以下步骤:Optionally, the processor 100 is configured to establish a port isolation group, and specifically performs the following steps:
分别检测本地端口中各端口的以太网段标识ESI是否为有效值,所述本地端口为所述第一PE中连接有CE的端口;Detecting, respectively, whether the Ethernet segment identifier ESI of each port in the local port is a valid value, where the local port is a port to which the CE is connected in the first PE;
将所述本地端口中所述ESI为有效值的端口作为所述第一PE中连接所述第一CE的端口加入到端口隔离组中;Adding, by the port in the local port, the ESI is a port that is connected to the first CE to the port isolation group;
将所述以太链路中所述第一PE侧的端口以及所述第一PE中的网络侧端口加入到所述端口隔离组中。Adding the port on the first PE side and the network side port in the first PE in the Ethernet link to the port isolation group.
可选地,所述处理器100还用于执行:Optionally, the processor 100 is further configured to:
若检测到所述端口隔离组中所述第一CE由双归属连接所述EVPN变为单归属连接所述EVPN,则将所述第一PE中连接所述第一CE的端口从所述隔离组中删除。If the first CE in the port isolation group is detected to be a single-homed connection to the EVPN by the dual-homed connection, the port connecting the first CE in the first PE is isolated from the Deleted in the group.
可选地,所述第一PE与所述第二PE具有相同的虚拟互联网协议IP地址,所述处理器100还用于执行:Optionally, the first PE and the second PE have the same virtual internet protocol IP address, and the processor 100 is further configured to:
所述第一PE向远端PE发布组播路由,所述组播路由的下一跳地址为所述虚拟IP地址。The first PE advertises a multicast route to the remote PE, and the next hop address of the multicast route is the virtual IP address.
可选地,所述处理器100在执行所述通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文,具体用于执行:Optionally, the processor 100 is configured to receive, by using the port on the first PE side of the Ethernet link, a packet that is forwarded by the second PE, specifically for performing:
接收所述第二PE通过所述以太链路转发的第一组播报文,所述第一组播报文为所述远端PE根据所述组播路由向所述第二PE发送的报文。Receiving, by the second PE, the first multicast packet that is forwarded by the Ethernet link, where the first multicast packet is sent by the remote PE to the second PE according to the multicast route. Text.
可选地,所述处理器100在执行所述通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文,具体用于执行:Optionally, the processor 100 is configured to receive, by using the port on the first PE side of the Ethernet link, a packet that is forwarded by the second PE, specifically for performing:
接收所述第二PE通过所述以太链路转发的第二组播报文,所述第二组播报文为与所述第二PE连接的CE向所述第二PE发送的报文。And receiving, by the second PE, a second multicast packet that is forwarded by the Ethernet link, where the second multicast packet is a packet that is sent by the CE that is connected to the second PE to the second PE.
实施本发明实施例可通过在PE设备之间建立无需对数据报文进行隧道封装的以太链路,并通过建立端口隔离组,使得PE在接收到通过该以太链路传输的数据报文时控制将该报文转发至除该端口隔离组以外的端口所连接的CE,从而有效解决了CE双归连接到PE时该PE在接收到报 文并进行报文转发时在用户侧形成的流量回传问题,无需封装ESI标签,从而无需更改当前硬件芯片设计,节约了成本。The embodiment of the present invention can establish an Ethernet link that does not need to encapsulate the data packet between the PE devices, and establish a port isolation group, so that the PE controls the data packet transmitted through the Ethernet link. The packet is forwarded to the CE connected to the port other than the port isolation group, which effectively solves the problem that the PE receives the report when the CE is dual-homed to the PE. When the message is forwarded, the traffic backhaul problem formed on the user side does not need to encapsulate the ESI label, so that the current hardware chip design does not need to be changed, and the cost is saved.
请参见图8,是本发明实施例提供的一种报文转发系统的结构示意图,所述系统包括:第一CE10、第一PE20和第二PE30,所述第一CE10通过所述第一PE20和所述第二PE30双归属连接EVPN,所述第一PE20与所述第二PE30之间建立以太链路,其中,FIG. 8 is a schematic structural diagram of a packet forwarding system according to an embodiment of the present invention. The system includes: a first CE10, a first PE20, and a second PE30, where the first CE10 passes the first PE20. And the second PE 30 is dual-homed to the EVPN, and the Ethernet link is established between the first PE 20 and the second PE 30, where
所述第二PE30,用于接收所述第一CE10发送的报文,并通过所述以太链路将所述报文转发至所述第一PE20。The second PE 30 is configured to receive the packet sent by the first CE 10, and forward the packet to the first PE 20 by using the Ethernet link.
具体的,本发明实施例的所述第一PE20可参照图1至图7对应实施例中第一PE20的相关描述。Specifically, the first PE 20 of the embodiment of the present invention may refer to the related description of the first PE 20 in the corresponding embodiment of FIG. 1 to FIG. 7.
具体实施例中,若第二PE30接收到第一CE10通过本地端口发送的报文,则向其他端口正常转发。具体的,该其他端口包括该以太链路中所述第二PE30侧的端口,第二PE30在进行报文转发时可通过该端口将该接收到的报文发送给第一PE20。In a specific embodiment, if the second PE 30 receives the packet sent by the first CE 10 through the local port, the second PE 30 forwards the packet to other ports. Specifically, the other port includes the port on the second PE 30 side of the Ethernet link, and the second PE 30 can send the received packet to the first PE 20 through the port when the packet is forwarded.
所述第一PE20,用于建立端口隔离组,通过所述以太链路中所述第一PE20侧的端口接收所述第二PE30转发的所述报文,并向所述第一PE20中除所述端口隔离组以外的端口所连接的第二CE转发所述报文,所述端口隔离组包括所述以太链路中所述第一PE20侧的端口、所述第一PE20中连接所述第一CE10的端口以及所述第一PE20的网络侧端口。The first PE 20 is configured to establish a port isolation group, and receive, by the port on the first PE20 side of the Ethernet link, the packet forwarded by the second PE 30, and remove the packet from the first PE20. The second CE connected to the port other than the port isolation group forwards the packet, where the port isolation group includes the port on the first PE20 side of the Ethernet link, and the connection in the first PE20. The port of the first CE 10 and the network side port of the first PE 20.
具体的,第一PE20接收到第二PE30通过该以太链路转发的报文,则可向所述第一PE20中除建立的端口隔离组以外的端口所连接的CE即第二CE转发所述报文。进一步的,若该系统中不存在第二CE(即与第一PE20相连接的CE仅有第一CE20),则可在第一PE20通过以太链路接收到报文时,直接丢弃该报文,不进行转发处理。Specifically, the first PE 20 receives the packet that is forwarded by the second PE 30 through the Ethernet link, and may forward the CE to the second CE that is connected to the port other than the established port isolation group. Message. Further, if the second CE does not exist in the system, that is, the CE connected to the first PE 20 has only the first CE 20, the packet can be directly discarded when the first PE 20 receives the packet through the Ethernet link. , no forwarding processing.
进一步的,请参见图9,是本发明实施例提供的另一种报文转发系统的结构示意图,所述系统包括上述报文转发系统的第一CE10、第一PE20和第二PE30,所述第一CE10通过所述第一PE20和所述第二PE30双归属连接EVPN,所述第一PE20与所述第二PE30之间建立以太链路。在本发明实施例中,所述系统还包括远端PE40。 Further, please refer to FIG. 9 , which is a schematic structural diagram of another packet forwarding system according to an embodiment of the present invention. The system includes a first CE 10, a first PE 20, and a second PE 30 of the packet forwarding system. The first CE 10 is dual-homed to the EVPN by the first PE 20 and the second PE 30, and an Ethernet link is established between the first PE 20 and the second PE 30. In an embodiment of the invention, the system further includes a remote PE 40.
具体的,所述第一PE20与所述第二PE30具有相同的虚拟IP地址,在本发明实施例中,所述第一PE20,还用于向所述远端PE40发布组播路由,所述组播路由的下一跳地址为所述虚拟IP地址;Specifically, the first PE 20 and the second PE 30 have the same virtual IP address. In the embodiment of the present invention, the first PE 20 is further configured to advertise a multicast route to the remote PE 40. The next hop address of the multicast route is the virtual IP address.
所述第二PE30,还用于向所述远端PE40发布所述组播路由,所述组播路由的下一跳地址为所述虚拟IP地址;The second PE 30 is further configured to advertise the multicast route to the remote PE, where a next hop address of the multicast route is the virtual IP address;
进一步的,所述第二PE30,还用于接收远端PE40根据所述组播路由转发的组播报文,并通过所述以太链路将所述组播报文发送至所述第一PE20。Further, the second PE 30 is further configured to receive the multicast packet forwarded by the remote PE 40 according to the multicast route, and send the multicast packet to the first PE20 by using the Ethernet link. .
具体实施例中,在接收远端PE40发送的报文之前,所述第一PE20可向远端PE40发布组播路由,该组播路由的下一跳地址即为所述虚拟IP地址,且所述第二PE30向所述远端PE40发布的所述组播路由的下一跳地址也为该相同的虚拟IP地址,即该远端PE40获取的第一PE20的下一跳地址与第二PE30的下一跳地址相同。具体的,该远端PE40在接收到本地站点发送的报文时,可根据第一PE20和第二PE30的下一跳地址,向该相同的下一跳地址仅复制一份组播报文,并将该组播报文转发至所述第一PE20或所述第二PE30,本发明实施例以远端PE40将该报文转发至第二PE30为例进行说明,并由所述第二PE30将所述组播报文转发至第一CE10以及通过以太链路将所述组播报文转发至第一PE20。In a specific embodiment, before receiving the packet sent by the remote PE 40, the first PE 20 may advertise a multicast route to the remote PE 40, where the next hop address of the multicast route is the virtual IP address, and The next hop address of the multicast route advertised by the second PE 30 to the remote PE 40 is also the same virtual IP address, that is, the next hop address of the first PE 20 acquired by the remote PE 40 and the second PE 30. The next hop address is the same. Specifically, the remote PE 40 can only copy one multicast packet to the same next hop address according to the next hop address of the first PE 20 and the second PE 30 when receiving the packet sent by the local station. And forwarding the multicast packet to the first PE 20 or the second PE 30. In the embodiment of the present invention, the remote PE 40 forwards the packet to the second PE 30 as an example, and the second PE 30 is used by the second PE 30. Forwarding the multicast packet to the first CE 10 and forwarding the multicast packet to the first PE 20 through the Ethernet link.
若第一PE20接收到第二PE30通过该以太链路转发的报文,则可向所述第一PE20中除建立的端口隔离组以外的端口所连接的CE即第二CE转发所述报文。进一步的,若该系统中不存在第二CE(即与第一PE20相连接的CE仅有第一CE20),则可在第一PE20通过以太链路接收到报文时,直接丢弃该报文,不进行转发处理。If the first PE 20 receives the packet forwarded by the second PE 30 through the Ethernet link, the first PE 20 may forward the packet to the CE that is connected to the port other than the established port isolation group. . Further, if the second CE does not exist in the system, that is, the CE connected to the first PE 20 has only the first CE 20, the packet can be directly discarded when the first PE 20 receives the packet through the Ethernet link. , no forwarding processing.
实施本发明实施例可通过在PE设备之间建立以太链路,并通过建立端口隔离组,使得PE在接收到通过该以太链路传输的数据报文时控制将该报文转发至除该端口隔离组以外的端口所连接的CE,而不再向其他CE转发该报文,从而有效解决了CE通过PE双归属连接到EVPN时该PE在接收到报文并进行报文转发时在用户侧形成的流量回传问题,不需要再通过封装ESI标签来用于流量判断避免流量回传,通过本发明实施例的方案, 无需更改当前硬件芯片设计,节约了成本。The embodiment of the present invention can control the forwarding of the packet to the port except that the Ethernet link is established between the PE devices and the port isolation group is established, so that the PE receives the data packet transmitted through the Ethernet link. The CE connected to the port other than the isolation group does not forward the packet to other CEs. This prevents the PE from receiving the packet and forwarding the packet when the CE is dual-homed to the EVPN. The formed traffic backhaul problem does not need to be encapsulated by the ESI label for traffic judgment to avoid traffic backhaul, by using the solution of the embodiment of the present invention, No need to change the current hardware chip design, saving costs.
在本发明所提供的几个实施例中,应该理解到,所揭露的装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of the unit is only a logical function division. In actual implementation, there may be another division manner, for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
所述该作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as the unit may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. . Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
另外,在本发明各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用硬件加软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
上述以软件功能单元的形式实现的集成的单元,可以存储在一个计算机可读取存储介质中。上述软件功能单元存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)或处理器(processor)执行本发明各个实施例所述方法的部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。The above-described integrated unit implemented in the form of a software functional unit can be stored in a computer readable storage medium. The above software functional unit is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform the methods of the various embodiments of the present invention. Part of the steps. The foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like, which can store program codes. .
本领域技术人员可以清楚地了解到,为描述的方便和简洁,仅以上述各功能模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能模块完成,即将装置的内部结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。上述描述的装置的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。A person skilled in the art can clearly understand that for the convenience and brevity of the description, only the division of each functional module described above is exemplified. In practical applications, the above function assignment can be completed by different functional modules as needed, that is, the device is installed. The internal structure is divided into different functional modules to perform all or part of the functions described above. For the specific working process of the device described above, refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.
最后应说明的是:以上各实施例仅用以说明本发明的技术方案,而非 对其限制;尽管参照前述各实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分或者全部技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的范围。 Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention, and not The invention is described in detail with reference to the foregoing embodiments, and those skilled in the art should understand that the technical solutions described in the foregoing embodiments may be modified, or some or all of the technologies may be modified. The features are equivalent to those of the embodiments of the present invention.

Claims (14)

  1. 一种报文转发的方法,其特征在于,所述方法适用于第一用户边缘设备CE通过第一供应商边缘设备PE和第二PE双归属连接以太虚拟专用网络EVPN的场景,所述第一PE与所述第二PE之间建立以太链路,所述方法包括:A packet forwarding method, the method is applicable to a scenario in which a first user edge device CE connects to an Ethernet virtual private network EVPN through a first provider edge device PE and a second PE. Establishing an Ethernet link between the PE and the second PE, where the method includes:
    所述第一PE建立端口隔离组,所述端口隔离组包括所述以太链路中所述第一PE侧的端口、所述第一PE中连接所述第一CE的端口以及所述第一PE的网络侧端口;The first PE establishes a port isolation group, where the port isolation group includes a port on the first PE side of the Ethernet link, a port in the first PE that is connected to the first CE, and the first Network side port of the PE;
    所述第一PE通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文;Receiving, by the first PE, a packet forwarded by the second PE by using a port on the first PE side of the Ethernet link;
    所述第一PE向所述第一PE中除所述端口隔离组以外的端口所连接的第二CE转发所述报文。The first PE forwards the packet to a second CE connected to a port other than the port isolation group in the first PE.
  2. 根据权利要求1所述的方法,其特征在于,所述第一PE建立端口隔离组包括:The method according to claim 1, wherein the establishing a port isolation group by the first PE comprises:
    所述第一PE分别检测本地端口中各端口的以太网段标识ESI是否为有效值,所述本地端口为所述第一PE中连接有CE的端口;The first PE detects whether the Ethernet segment identifier ESI of each port in the local port is a valid value, and the local port is a port to which the CE is connected in the first PE;
    所述第一PE将所述本地端口中所述ESI为有效值的端口作为所述第一PE中连接所述第一CE的端口加入到端口隔离组中;The first PE adds a port whose ESI is a valid value in the local port to a port isolation group as a port connected to the first CE in the first PE;
    所述第一PE将所述以太链路中所述第一PE侧的端口以及所述第一PE中的网络侧端口加入到所述端口隔离组中。The first PE adds the port on the first PE side and the network side port in the first PE in the Ethernet link to the port isolation group.
  3. 根据权利要求2所述的方法,其特征在于,所述方法还包括:The method of claim 2, wherein the method further comprises:
    若所述第一PE检测到所述端口隔离组中所述第一CE由双归属连接所述EVPN变为单归属连接所述EVPN,则将所述第一PE中连接所述第一CE的端口从所述隔离组中删除。If the first PE detects that the first CE in the port isolation group is dual-homed to the EVPN, the first CE is connected to the first CE. The port is removed from the isolation group.
  4. 根据权利要求1-3任一项所述的方法,其特征在于,所述第一PE与所述第二PE具有相同的虚拟互联网协议IP地址,所述方法还包括: The method according to any one of claims 1-3, wherein the first PE and the second PE have the same virtual internet protocol IP address, the method further comprising:
    所述第一PE向远端PE发布组播路由,所述组播路由的下一跳地址为所述虚拟IP地址,所述第二PE向所述远端PE发布的所述组播路由的下一跳地址为所述虚拟IP地址。The first PE advertises a multicast route to the remote PE, where the next hop address of the multicast route is the virtual IP address, and the multicast route advertised by the second PE to the remote PE The next hop address is the virtual IP address.
  5. 根据权利要求4所述的方法,其特征在于,所述第一PE通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文包括:The method according to claim 4, wherein the receiving, by the first PE, the packet forwarded by the second PE by using the port on the first PE side of the Ethernet link comprises:
    所述第一PE接收所述第二PE通过所述以太链路转发的第一组播报文,所述第一组播报文为所述远端PE根据所述组播路由向所述第二PE发送的报文。Receiving, by the first PE, the first multicast packet that is forwarded by the second PE by using the Ethernet link, where the first multicast packet is sent by the remote PE according to the multicast route The packet sent by the second PE.
  6. 根据权利要求1-3任一项所述的方法,其特征在于,所述第一PE通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文包括:The method according to any one of claims 1-3, wherein the receiving, by the first PE, the packet forwarded by the second PE by using the port on the first PE side of the Ethernet link comprises:
    所述第一PE接收所述第二PE通过所述以太链路转发的第二组播报文,所述第二组播报文为与所述第二PE连接的CE向所述第二PE发送的报文。The first PE receives the second multicast packet that is forwarded by the second PE by using the Ethernet link, and the second multicast packet is a CE that is connected to the second PE to the second PE. The message sent.
  7. 一种报文转发的第一供应商边缘设备PE,其特征在于,用于第一用户边缘设备CE通过所述第一PE和第二PE双归属连接以太虚拟专用网络EVPN的场景,所述第一PE与所述第二PE之间建立以太链路,所述第一PE包括:A first provider edge device PE that forwards the packet, wherein the first user edge device CE is dual-homed to the Ethernet virtual private network EVPN through the first PE and the second PE, where the Establishing an Ethernet link between the PE and the second PE, where the first PE includes:
    建立单元,用于建立端口隔离组,所述端口隔离组包括所述以太链路中所述第一PE侧的端口、所述第一PE中连接所述第一CE的端口以及所述第一PE的网络侧端口;a establishing unit, configured to establish a port isolation group, where the port isolation group includes a port on the first PE side of the Ethernet link, a port in the first PE that is connected to the first CE, and the first Network side port of the PE;
    接收单元,用于通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的报文;a receiving unit, configured to receive, by using a port on the first PE side of the Ethernet link, a packet that is forwarded by the second PE;
    转发单元,用于向所述第一PE中除所述端口隔离组以外的端口所连接的第二CE转发所述接收单元接收的所述报文。 And a forwarding unit, configured to forward, to the second CE connected to the port other than the port isolation group, the packet received by the receiving unit.
  8. 根据权利要求7所述的第一PE,其特征在于,所述建立单元包括:The first PE according to claim 7, wherein the establishing unit comprises:
    检测子单元,用于分别检测本地端口中各端口的以太网段标识ESI是否为有效值,所述本地端口为所述第一PE中连接有CE的端口;a detecting subunit, configured to detect, respectively, whether an Ethernet segment identifier ESI of each port in the local port is a valid value, where the local port is a port to which the CE is connected in the first PE;
    控制子单元,用于将所述本地端口中所述ESI为有效值的端口作为所述第一PE中连接所述第一CE的端口加入到端口隔离组中;a control subunit, configured to add, as the port of the first PE, the port connected to the first CE to the port isolation group;
    所述控制子单元,还用于将所述以太链路中所述第一PE侧的端口以及所述第一PE中的网络侧端口加入到所述端口隔离组中。The control subunit is further configured to add the port on the first PE side and the network side port in the first PE in the Ethernet link to the port isolation group.
  9. 根据权利要求8所述的第一PE,其特征在于,所述第一PE还包括:The first PE according to claim 8, wherein the first PE further comprises:
    删除单元,用于若检测到所述端口隔离组中所述第一CE由双归属连接所述EVPN变为单归属连接所述EVPN,则将所述第一PE中连接所述第一CE的端口从所述隔离组中删除。a deleting unit, configured to connect the first CE to the first CE by detecting that the first CE in the port isolation group is dual-homed to the EVPN by the dual-homed connection The port is removed from the isolation group.
  10. 根据权利要求7-9任一项所述的第一PE,其特征在于,所述第一PE与所述第二PE具有相同的虚拟IP地址,所述第一PE还包括:The first PE according to any one of claims 7-9, wherein the first PE and the second PE have the same virtual IP address, and the first PE further includes:
    发送单元,用于向远端PE发布组播路由,所述组播路由的下一跳地址为所述虚拟IP地址。The sending unit is configured to advertise a multicast route to the remote PE, where the next hop address of the multicast route is the virtual IP address.
  11. 根据权利要求10所述的第一PE,其特征在于,所述接收单元具体用于:The first PE according to claim 10, wherein the receiving unit is specifically configured to:
    接收所述第二PE通过所述以太链路转发的第一组播报文,所述第一组播报文为所述远端PE根据所述组播路由向所述第二PE发送的报文。Receiving, by the second PE, the first multicast packet that is forwarded by the Ethernet link, where the first multicast packet is sent by the remote PE to the second PE according to the multicast route. Text.
  12. 根据权利要求7-9任一项所述的第一PE,其特征在于,所述接收单元具体用于:The first PE according to any one of claims 7-9, wherein the receiving unit is specifically configured to:
    接收所述第二PE通过所述以太链路转发的第二组播报文,所述第二组播报文为与所述第二PE连接的CE向所述第二PE发送的报文。 And receiving, by the second PE, a second multicast packet that is forwarded by the Ethernet link, where the second multicast packet is a packet that is sent by the CE that is connected to the second PE to the second PE.
  13. 一种报文转发系统,其特征在于,所述系统包括:第一用户边缘设备CE、第一供应商边缘设备PE和第二PE,所述第一CE通过所述第一PE和所述第二PE双归属连接以太虚拟专用网络EVPN,所述第一PE与所述第二PE之间建立以太链路,其中,A packet forwarding system, the system includes: a first user edge device CE, a first provider edge device PE, and a second PE, wherein the first CE passes the first PE and the first The second PE is dual-homed to the Ethernet virtual private network (EVPN), and the Ethernet link is established between the first PE and the second PE, where
    所述第二PE,用于接收所述第一CE发送的报文,并通过所述以太链路将所述报文转发至所述第一PE;The second PE is configured to receive the packet sent by the first CE, and forward the packet to the first PE by using the Ethernet link;
    所述第一PE,用于建立端口隔离组,通过所述以太链路中所述第一PE侧的端口接收所述第二PE转发的所述报文,并向所述第一PE中除所述端口隔离组以外的端口所连接的第二CE转发所述报文,所述端口隔离组包括所述以太链路中所述第一PE侧的端口、所述第一PE中连接所述第一CE的端口以及所述第一PE的网络侧端口。The first PE is configured to establish a port isolation group, and receive, by the port on the first PE side of the Ethernet link, the packet forwarded by the second PE, and remove the packet from the first PE. The second CE connected to the port other than the port isolation group forwards the packet, where the port isolation group includes the port on the first PE side of the Ethernet link, and the connection in the first PE a port of the first CE and a network side port of the first PE.
  14. 根据权利要求13所述的系统,其特征在于,所述系统还包括远端PE,所述第一PE与所述第二PE具有相同的虚拟IP地址,所述系统还包括:The system according to claim 13, wherein the system further comprises a remote PE, the first PE and the second PE have the same virtual IP address, and the system further comprises:
    所述第一PE,还用于向所述远端PE发布组播路由,所述组播路由的下一跳地址为所述虚拟IP地址;The first PE is further configured to advertise a multicast route to the remote PE, where a next hop address of the multicast route is the virtual IP address;
    所述第二PE,还用于向所述远端PE发布所述组播路由,所述组播路由的下一跳地址为所述虚拟IP地址;The second PE is further configured to advertise the multicast route to the remote PE, where a next hop address of the multicast route is the virtual IP address;
    所述第二PE接收远端PE发送的报文,并通过所述以太链路将所述报文转发至所述第一PE,包括:Receiving, by the second PE, the packet sent by the remote PE, and forwarding the packet to the first PE by using the Ethernet link, including:
    所述第二PE接收远端PE根据所述组播路由转发的组播报文,并通过所述以太链路将所述组播报文发送至所述第一PE。 The second PE receives the multicast packet forwarded by the remote PE according to the multicast route, and sends the multicast packet to the first PE by using the Ethernet link.
PCT/CN2015/077468 2014-07-31 2015-04-25 Method, device and system for forwarding packet WO2016015497A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410373934.X 2014-07-31
CN201410373934.XA CN104135420B (en) 2014-07-31 2014-07-31 A kind of method, equipment and the system of message forwarding

Publications (1)

Publication Number Publication Date
WO2016015497A1 true WO2016015497A1 (en) 2016-02-04

Family

ID=51807949

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/077468 WO2016015497A1 (en) 2014-07-31 2015-04-25 Method, device and system for forwarding packet

Country Status (2)

Country Link
CN (1) CN104135420B (en)
WO (1) WO2016015497A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112838982A (en) * 2019-11-22 2021-05-25 华为技术有限公司 Method, equipment and system for switching message transmission path
CN114679405A (en) * 2022-04-12 2022-06-28 烽火通信科技股份有限公司 SRv6 message forwarding method, storage medium, electronic equipment and device
CN112838982B (en) * 2019-11-22 2024-04-26 华为技术有限公司 Message transmission path switching method, device and system

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104135420B (en) * 2014-07-31 2017-12-29 华为技术有限公司 A kind of method, equipment and the system of message forwarding
CN104468233B (en) * 2014-12-23 2018-01-12 新华三技术有限公司 Ethernet virtualization interconnects dual-homed site disasters switching method and device
CN105790996A (en) * 2014-12-26 2016-07-20 北京华为朗新科技有限公司 Distributed gateway backup processing method and network equipment
US9787573B2 (en) * 2014-12-31 2017-10-10 Juniper Networks, Inc. Fast convergence on link failure in multi-homed Ethernet virtual private networks
CN106789635B (en) * 2016-03-25 2020-08-14 新华三技术有限公司 Message forwarding method and device
CN106559268B (en) * 2016-11-28 2019-12-13 浙江宇视科技有限公司 Dynamic port isolation method and device for IP monitoring system
CN108574614B (en) * 2017-03-10 2020-11-17 华为技术有限公司 Message processing method, device and network system
CN108696414A (en) * 2017-04-05 2018-10-23 中兴通讯股份有限公司 Return cut-in method, device and more home nodes more
US10382332B2 (en) * 2017-05-12 2019-08-13 Juniper Networks, Inc. Route signaling and convergence in EVPN of port extenders
CN109672619B (en) 2017-10-17 2021-08-20 华为技术有限公司 Method, device and system for processing message
CN109818869B (en) * 2017-11-22 2021-06-04 北京华为数字技术有限公司 Method for generating multicast traffic forwarding port and related equipment
CN108259303B (en) * 2017-12-25 2020-12-04 新华三技术有限公司 Message forwarding method and device
CN108055163A (en) * 2018-01-06 2018-05-18 北京特立信电子技术股份有限公司 A kind of dual-homed equipment and its protection switching method
CN109039888A (en) * 2018-08-10 2018-12-18 新华三技术有限公司合肥分公司 Message loop removing method and distributed elastic DR equipment
CN109167693B (en) * 2018-10-12 2022-03-18 锐捷网络股份有限公司 Isolation configuration method and device based on cross-chassis link aggregation group (MLAG)
CN111585899A (en) * 2019-02-19 2020-08-25 华为技术有限公司 EVPN multicast method, device and system
CN112019417B (en) * 2019-05-30 2021-11-19 华为技术有限公司 Method and equipment for transmitting message
CN112311643B (en) * 2019-07-24 2023-04-18 深圳市中兴微电子技术有限公司 EVPN message forwarding method, system, storage medium and terminal
CN112311737A (en) * 2019-07-31 2021-02-02 中兴通讯股份有限公司 Flow isolation method, device and equipment and storage medium
CN112565045A (en) * 2019-09-26 2021-03-26 中兴通讯股份有限公司 Method, device, equipment and storage medium for forwarding EVPN (error vector magnitude) message
CN112769587A (en) * 2019-11-05 2021-05-07 中兴通讯股份有限公司 Forwarding method and device for access flow of dual-homing device and storage medium
CN115865792A (en) 2019-12-31 2023-03-28 华为技术有限公司 Method and device for processing routing information
EP4085578A4 (en) * 2019-12-31 2023-09-27 Telefonaktiebolaget LM Ericsson (publ.) Method and system for ethernet virtual private network (evpn) split-horizon filtering
CN114666267A (en) * 2020-12-07 2022-06-24 中兴通讯股份有限公司 Data processing method, equipment and storage medium of Ethernet virtual private network
CN115225567A (en) * 2021-04-15 2022-10-21 华为技术有限公司 Message processing method and related equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7606939B1 (en) * 2002-10-31 2009-10-20 Cisco Technology, Inc. Scaling private virtual local area networks (VLANs) across large metropolitan area networks (MANs).
CN102255785A (en) * 2011-08-11 2011-11-23 杭州华三通信技术有限公司 Network isolation method in VPLS (Virtual Private Lan Service) and device thereof
CN103580917A (en) * 2013-10-23 2014-02-12 华为技术有限公司 Method for achieving network topology, provider edges and customer edges
CN104135420A (en) * 2014-07-31 2014-11-05 华为技术有限公司 A method, apparatus and system for forwarding message

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101588304B (en) * 2009-06-30 2012-04-18 杭州华三通信技术有限公司 Implementation method of VRRP and device
CN101616093B (en) * 2009-07-17 2011-06-22 福建星网锐捷网络有限公司 Method and device for realizing user access multi-homing network and network equipment
US8767731B2 (en) * 2010-05-19 2014-07-01 Alcatel Lucent Method and apparatus for MPLS label allocation for a BGP MAC-VPN
US8705526B1 (en) * 2010-12-03 2014-04-22 Juniper Networks, Inc. Extending VPLS support for CE lag multi-homing
CN102143026B (en) * 2011-04-29 2014-03-12 杭州华三通信技术有限公司 Method for avoiding loop circuit in virtual two layer network
US8792501B1 (en) * 2011-05-25 2014-07-29 Juniper Networks, Inc. Active-active multi-homing with multi-chassis pseudowire link aggregation
CN102882779A (en) * 2011-07-14 2013-01-16 中兴通讯股份有限公司 VRRP (Virtual Router Redundancy Protocol) advertisement link protection method and system
EP2811697B1 (en) * 2012-02-24 2016-08-03 Huawei Technologies Co., Ltd. Method and device for determining establishment of multi-protocol label switching traffic engineering tunnel
US20140204760A1 (en) * 2013-01-22 2014-07-24 Brocade Communications Systems, Inc. Optimizing traffic flows via mac synchronization when using server virtualization with dynamic routing

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7606939B1 (en) * 2002-10-31 2009-10-20 Cisco Technology, Inc. Scaling private virtual local area networks (VLANs) across large metropolitan area networks (MANs).
CN102255785A (en) * 2011-08-11 2011-11-23 杭州华三通信技术有限公司 Network isolation method in VPLS (Virtual Private Lan Service) and device thereof
CN103580917A (en) * 2013-10-23 2014-02-12 华为技术有限公司 Method for achieving network topology, provider edges and customer edges
CN104135420A (en) * 2014-07-31 2014-11-05 华为技术有限公司 A method, apparatus and system for forwarding message

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112838982A (en) * 2019-11-22 2021-05-25 华为技术有限公司 Method, equipment and system for switching message transmission path
CN112838982B (en) * 2019-11-22 2024-04-26 华为技术有限公司 Message transmission path switching method, device and system
CN114679405A (en) * 2022-04-12 2022-06-28 烽火通信科技股份有限公司 SRv6 message forwarding method, storage medium, electronic equipment and device

Also Published As

Publication number Publication date
CN104135420A (en) 2014-11-05
CN104135420B (en) 2017-12-29

Similar Documents

Publication Publication Date Title
WO2016015497A1 (en) Method, device and system for forwarding packet
US11533249B2 (en) Route processing method and apparatus, and data transmission method and apparatus
EP3595248B1 (en) Static route advertisement
EP3065342B1 (en) Update of mac routes in evpn single-active topology
CN111510379B (en) EVPN message processing method, device and system
WO2017114196A1 (en) Packet processing method, related apparatus and nvo3 network system
EP3264690A1 (en) Bridge for connecting layer 2 and layer 3 virtual networks
US9197721B2 (en) Learning a MAC address
US9858163B2 (en) Dual adjacency between edge devices at a network site
US9860169B1 (en) Neighbor resolution for remote EVPN hosts in IPV6 EVPN environment
US9100213B1 (en) Synchronizing VPLS gateway MAC addresses
US8694664B2 (en) Active-active multi-homing support for overlay transport protocol
WO2015165311A1 (en) Method for transmitting data packet and provider edge device
US8654632B2 (en) Method for fast switching traffic in H-VPLS
US9300524B2 (en) Message forwarding between geographically dispersed network sites
CN108574616A (en) A kind of method, equipment and the system of processing routing
CN109995654B (en) Method and device for transmitting data based on tunnel
EP3188422B1 (en) Traffic black holing avoidance and fast convergence for active-active pbb-evpn redundancy
WO2015123987A1 (en) Packet forwarding method and device
GB2497202A (en) Transmitting frames between, possibly different, local VLANs by encapsulating frames for global VLAN tunnel
WO2013139159A1 (en) Method for forwarding packet in network and provider edge device
CN103326915A (en) Method, device and system for achieving three-layer VPN
WO2021093463A1 (en) Packet forwarding method, first network device, and first device group
WO2022117018A1 (en) Packet transmission method and apparatus
CN103369064A (en) Method and equipment for learning ARP (Address Resolution Protocol) entries

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15826642

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15826642

Country of ref document: EP

Kind code of ref document: A1